Cisco ASA packet capture and PIX firewall have a very nice feature set to capture traversing via the Firewall. This is quite a useful utility in operation and troubleshooting.
To capture traffic on a Cisco ASA or PIX Firewall the capture command can be used.
BELOW IS STEP BY STEP PROCEDURE TO ENABLE PACKET CAPTURE FOR RESPECTIVE TRAFFIC TYPE –
We want to capture traffic from/to host 192.168.0.1 located behind the DMZ interface.
Using access list is recommended as it is used to filter interesting traffic (Specific traffic capture we want to analyze) :Below are the Commands to show capturing results –
Command to clear captured traffic:
Command to save results to [p2p type=”slug” value=”ftp-vs-tftp”]tftp[/p2p] server:
To save results in pcap format
Command to disable capturing:
Related – CISCO ASA FIREWALL INTERVIEW QUESTIONS