Introduction
Cisco ASA packet capture and PIX firewall have a very nice feature set to capture traversing via the Firewall. This is quite a useful utility in operation and troubleshooting.
To capture traffic on a Cisco ASA or PIX Firewall the capture command can be used.
BELOW IS STEP BY STEP PROCEDURE TO ENABLE PACKET CAPTURE FOR RESPECTIVE TRAFFIC TYPE –
We want to capture traffic from/to host 192.168.0.1 located behind the DMZ interface.
Using access list is recommended as it is used to filter interesting traffic (Specific traffic capture we want to analyze) :
ASA(config)# access-list CAPTURE permit ip any host 192.168.0.1
ASA(config)# capture cap1 access-list CAPTURE interface dmz
capture cap1 access-list CAPTURE interface dmz
show capture cap1 detail
show capture cap1 dump