To capture traffic on a Cisco ASA or PIX firewall, use the capture command.
Example: capturing traffic on ASA/PIX
You want to capture traffic to and from host 10.100.100.1, located behind the dmz interface.
The access-list is optional and is used to limit the capture to the interesting traffic:
pix(config)# access-list interesting_traffic permit ip host 10.100.100.1 any
pix(config)# access-list interesting_traffic permit ip any host 10.100.100.1
pix(config)# capture cap1 access-list interesting_traffic interface dmz
pix(config)# show capture
capture cap1 access-list interesting_traffic interface dmz
Commands to show capturing results:
show capture cap1
show capture cap1 detail
show capture cap1 dump
Command to clear captured traffic:
clear capture cap1
Command to save results to a TFTP server:
copy capture:cap1 tftp://10.1.1.1/dmzhost.txt
To save results in pcap format:
copy capture:cap1 tftp://10.1.1.1/dmzhost.txt pcap
Command to disable capturing:
pix(config)# no capture cap1
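An added example (not from the original page): a Python check for a file saved with the pcap keyword above. It confirms the file is a classic pcap and that every IPv4 packet has 10.100.100.1 as source or destination, then counts packets per peer. The helper names, sample frames and peer addresses are constructed for illustration, and untagged Ethernet frames are assumed.

```python
import socket
import struct
from collections import Counter

HOST = "10.100.100.1"  # DMZ host from the page's access-list

def read_pcap(data):
    """Yield raw frames from a classic pcap byte string (not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap (was the pcap keyword used?)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    off = 24  # global header is 24 bytes, each record header 16 bytes
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(data, host=HOST):
    """Return (packets per peer of host, IPv4 packets not involving host)."""
    peers, stray = Counter(), 0
    for frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4 (assumption: no VLAN tag)
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if src == host:
            peers[dst] += 1
        elif dst == host:
            peers[src] += 1
        else:
            stray += 1  # the capture filter let something else through
    return peers, stray

def make_frame(src, dst):
    """Constructed sample: zeroed MACs, IPv4 ethertype, bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = make_pcap([make_frame(HOST, "192.0.2.10"), make_frame("192.0.2.10", HOST),
                    make_frame("198.51.100.7", HOST)])  # constructed capture
print(summarize(SAMPLE))
```

For a real capture, pass the bytes of the file fetched from the TFTP server to summarize(); a non-zero second value means the capture was not limited to the intended host.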