Easy packet captures straight from the Cisco ASA firewall

Lori Hyde tells you how to capture packets directly from the Cisco ASA without using a separate packet-sniffing utility, first by setting up an ACL to define the traffic and then using the capture command.

Whether you are troubleshooting a difficult problem or chasing some interesting traffic, sometimes you need to pull a packet capture. Of course, you could configure and deploy a sniffer, but that is not the only solution you have at your fingertips. You can pull the packet capture directly from the Cisco ASA firewall. The Cisco ASA makes this an easy process.

There are at least two ways to configure your ASA to capture packets. If you prefer the GUI interface of the ASDM, you can use the Packet Capture Wizard tool by selecting it from the wizard menu. However, I’ve found that if you don’t mind getting your hands dirty, so to speak, the CLI interface is the way to go. You can identify the traffic you are looking for with an ACL and then set your interface to capture based on the ACL results. Here’s an example of how easy it is to do this.

In this example, I want to capture all IP packets between a host at 192.168.80.51 and the test ASA at 192.168.81.52. The first step is to set a quick ACL:

access-list testcap extended permit ip host 192.168.80.51 host 192.168.81.52

Then, we set up the capture using the capture command. We’ll reference our ACL (testcap) as our “interesting” traffic, and we’ll specify which interface we want to look at:

myasa# capture testcap access-list testcap interface inside

Admittedly, this is probably the command in its simplest form. There are many options you can configure as part of this command, including setting buffer sizes, setting a circular-buffer that overwrites itself when full, and selecting webvpn or isakmp traffic. The point is, with two quick commands, we’ve got a packet capture going! It just doesn’t get much easier than that.

A quick show capture command verifies my capture is running.
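
The same capture carried a little further, as an added example that is not from the original article: the ACL gets a second entry for the return direction (each capture ACL entry matches one direction only), the capture command names the ACL with the access-list keyword and uses the buffer and circular-buffer options mentioned above, and the session ends by exporting and removing the capture. The buffer size and the <tftp-server> placeholder are assumptions; the hosts and names are the article's.

```cisco
! Added example (constructed session, not from the original article).
! Hosts, ACL name and capture name are the article's; buffer size and
! <tftp-server> are assumptions to replace with your own values.

! 1. Define the interesting traffic. The second entry covers replies
!    from the ASA back to the host.
myasa(config)# access-list testcap extended permit ip host 192.168.80.51 host 192.168.81.52
myasa(config)# access-list testcap extended permit ip host 192.168.81.52 host 192.168.80.51

! 2. Start the capture. The first "testcap" is the capture name; the one
!    after access-list is the ACL. buffer is in bytes, and circular-buffer
!    overwrites the oldest packets once the buffer is full.
myasa# capture testcap access-list testcap interface inside buffer 1000000 circular-buffer

! 3. Verify the capture is running, then view the captured packets.
myasa# show capture
myasa# show capture testcap

! 4. Export in pcap format for analysis off the box.
myasa# copy /pcap capture:testcap tftp://<tftp-server>/testcap.pcap

! 5. Clean up: remove the capture and the ACL so neither is left behind
!    on a production firewall.
myasa# no capture testcap
myasa(config)# clear configure access-list testcap
```

Captured payloads can include credentials and other sensitive data, so treat the exported file accordingly and prefer an encrypted transfer where one is available to you.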