How to use the Cisco ASA built in packet capture tool

Posted: November 27, 2013 in Cisco Security - Firewalls

 

 
During troubleshooting it is often necessary to see what traffic is being passed between two networks or two hosts. Lets use built-in capture tool. Below are the steps you need to take:
So, we are troubleshooting traffic between a host with the address of 20.20.20.1 and a host with the address of 10.10.10.1.

1.) Define the traffic that you would like to check by creating capture file called LB:

#access-list LB extended permit ip host 20.20.20.1 host 10.10.10.1
#access-list LB extended permit ip host 10.10.10.1 host 20.20.20.1
#access-list LB extended permit icmp host 20.20.20.1 host 10.10.10.1
#access-list LB extended permit icmp host 10.10.10.1 host 20.20.20.1

2.) Create and start the packet capture process called LB:

#capture LB access-list LB

3.) Create some traffic between these hosts.
Our defined ACL will detect all traffic between these two hosts, so let just start pinging:

From the host 20.20.20.1 ping 10.10.10.1
From the host 10.10.10.1 ping 20.20.20.1

4.) Analyze the packet capture.

#show capture LB !— This will show all captured traffic.

5.) Turn off the packet capture and remove the ACL:

#no capture LB
#clear configure access-list LB

#clear capture LB !—clear the capture log by using this command
#show capture LB | inc 20.20.20.1 !—use the pipe functionality when viewing output

 

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s