Thursday, September 23, 2010

Packet Capture on a Cisco ASA

*****DEFINE INTERESTING TRAFFIC*********************

For example, the first line of the following access list captures traffic going to 192.168.25.100 from any source, and the second line captures traffic coming from 192.168.25.100 to any destination.

access-list capture-list extended permit ip any host 192.168.25.100
access-list capture-list extended permit ip host 192.168.25.100 any
*******************************************************


*****START THE CAPTURES*****************************

ASA# capture <name> interface <interface> access-list <access-list> buffer <buffer size in bytes> packet-length 1522

For example:

ASA# capture incoming-cap interface inside access-list capture-list buffer 1000000 packet-length 1522
ASA# capture outgoing-cap interface outside access-list capture-list buffer 1000000 packet-length 1522
*******************************************************


*****GENERATE TRAFFIC*******************************

This can be done by producing any network traffic that matches the access list you created earlier.
******************************************************


*****VIEW CAPTURES*********************************

show capture incoming-cap
show capture outgoing-cap
******************************************************


*****REMOVE CAPTURES******************************

no capture incoming-cap
no capture outgoing-cap
******************************************************
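
Added example (not part of the original post): a Python script that compares saved text output of "show capture incoming-cap" and "show capture outgoing-cap" and lists flows seen on one interface with fewer packets on the other, which is the usual reason for capturing on both sides of the firewall. The sample output is constructed; the script assumes the one-line-per-packet layout shown in its comments and no NAT between the two interfaces.

```python
import re
from collections import Counter

# Assumed layout of a packet line in "show capture" text output:
#   <n>: <hh:mm:ss.usec> <src-ip>.<sport> > <dst-ip>.<dport>: <details>
PACKET = re.compile(
    r"^\s*\d+:\s+\d\d:\d\d:\d\d\.\d+\s+"
    r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?:"
)

def flows(capture_text):
    """Count packets per (src, sport, dst, dport) in one capture."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = PACKET.match(line)
        if m:  # header/footer lines such as "4 packets captured" do not match
            counts[m.groups()] += 1
    return counts

def missing_on_other_side(first, second):
    """Flows in `first` with fewer packets in `second`: {flow: (seen, seen_other)}."""
    a, b = flows(first), flows(second)
    return {flow: (n, b[flow]) for flow, n in a.items() if b[flow] < n}

# Constructed sample output (not taken from a real device).
INSIDE_CAP = """\
4 packets captured
   1: 10:15:01.100210 192.168.25.100.49152 > 203.0.113.10.443: S 1000:1000(0) win 8192
   2: 10:15:01.130455 203.0.113.10.443 > 192.168.25.100.49152: S 2000:2000(0) ack 1001 win 8192
   3: 10:15:02.200310 192.168.25.100.49153 > 198.51.100.7.25: S 3000:3000(0) win 8192
   4: 10:15:05.200910 192.168.25.100.49153 > 198.51.100.7.25: S 3000:3000(0) win 8192
4 packets shown
"""
OUTSIDE_CAP = """\
2 packets captured
   1: 10:15:01.100390 192.168.25.100.49152 > 203.0.113.10.443: S 1000:1000(0) win 8192
   2: 10:15:01.130301 203.0.113.10.443 > 192.168.25.100.49152: S 2000:2000(0) ack 1001 win 8192
2 packets shown
"""

if __name__ == "__main__":
    # The SMTP SYNs reach the inside interface but never leave the outside one.
    for flow, (seen, other) in missing_on_other_side(INSIDE_CAP, OUTSIDE_CAP).items():
        src, sport, dst, dport = flow
        print(f"{src}:{sport} -> {dst}:{dport}  inside={seen} outside={other}")
```

A flow that appears in the inside capture but not in the outside capture points at the ASA itself (access rule, inspection or routing) rather than at the remote end.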
