[Original translation] PIX/ASA Packet Capture
User Guide
To enable packet capture, attach the capture to an interface with the optional interface keyword. Capturing on multiple interfaces requires multiple capture statements. A packet must pass both the Ethernet filter and the access-list filter before it is stored in the capture buffer.
Useful capture commands:
The no capture command with the optional access-list or interface keyword clears the corresponding binding from the capture.
The no capture command without an optional keyword removes the capture.
If you specify the optional access-list keyword, the access list is removed from the capture and the capture is preserved. If you specify the interface keyword, the capture is detached from the specified interface and the capture is preserved.
The clear capture capture_name command clears the capture buffer. Note: The capture command is not saved in the configuration and is not replicated to the standby unit during failover.
For more detailed capture commands, refer to the customer documentation for the capture command.
Configuration examples
Capturing packets that traverse internal and external interfaces
Step #1 - Capture packets that pass through the inside interface
access-list capture_in permit <protocol> host A host B
access-list capture_in permit <protocol> host B host A
capture inside access-list capture_in interface inside
Step #2 - Capture packets that pass through the outside interface
access-list capture_out permit <protocol> host A host B
access-list capture_out permit <protocol> host B host A
capture outside access-list capture_out interface outside
Getting packets from your device
Option #1 - Get the pcap format file from the PIX/ASA through a web browser.
Step #1 - http http http (s)
Step #2 - Then open the browser and type
https://<asa_ip>/capture/<capture_name>/pcap
After connecting to the ASA, you will be prompted to save the file. For example:
https://172.16.171.49/capture/inside/pcap
Option #2 - Send the pcap format files from the ASA to a TFTP server.
Step #1 - tftp tftp
Step #2 - Then enter the following command on the ASA: copy /pcap capture:<capture_name> tftp://<tftp_server_ip>/temp . For example:
copy /pcap capture:inside tftp://172.16.89.8/temp
copy /pcap capture:outside tftp://172.16.89.8/temp
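An added example, not part of the original article: once the inside and outside pcap files have been retrieved, a short Python script can count packets per direction between host A and host B in each file, which shows whether traffic seen on one interface also appears on the other. The function names, addresses and sample packets are constructed for illustration; the parser assumes classic pcap with Ethernet framing, untagged IPv4, and no NAT between the two interfaces.

```python
import socket
import struct

def build_sample_pcap(flows):
    """Constructed test data: a little-endian Ethernet pcap, one IPv4 frame per (src, dst)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, (src, dst) in enumerate(flows):
        eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = eth + ip
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def count_directions(pcap, host_a, host_b):
    """Count IPv4 frames A->B and B->A in a classic pcap byte string."""
    byte_order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
    end = byte_order.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    a, b = socket.inet_aton(host_a), socket.inet_aton(host_b)
    counts = {"a_to_b": 0, "b_to_a": 0, "other": 0}
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            counts["other"] += 1  # truncated, VLAN-tagged or non-IPv4 frame
            continue
        src, dst = frame[26:30], frame[30:34]  # IPv4 source and destination
        if (src, dst) == (a, b):
            counts["a_to_b"] += 1
        elif (src, dst) == (b, a):
            counts["b_to_a"] += 1
        else:
            counts["other"] += 1
    return counts

# Constructed sample: replies from host B appear in the outside capture only.
HOST_A, HOST_B = "10.1.1.10", "192.0.2.20"
INSIDE = build_sample_pcap([(HOST_A, HOST_B), (HOST_A, HOST_B)])
OUTSIDE = build_sample_pcap([(HOST_A, HOST_B), (HOST_B, HOST_A), (HOST_A, HOST_B)])

if __name__ == "__main__":
    print("inside :", count_directions(INSIDE, HOST_A, HOST_B))
    print("outside:", count_directions(OUTSIDE, HOST_A, HOST_B))
```

With real files, pass the bytes of each saved capture (for example open(path, "rb").read()) in place of the constructed samples.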
Viewing the capture buffer on the PIX
If you specified a name for the packet capture, you can see its contents in the capture buffer. Use show capture <capture_name> to view the capture.
Resetting and deleting captures
To clear the capture buffer, enter the following clear capture commands.
Clear capture commands:
clear capture inside
clear capture outside
Don't forget to delete the captures and their access lists after you complete the capture:
no capture inside
no capture outside
no access-list capture_in
no access-list capture_out
This article is from the "Cisco related Documents" blog; be sure to keep this source link: http://4088722.blog.51cto.com/4078722/1721571