Thursday, July 23, 2009

Cisco ASA or PIX Packet Capture for Wireshark with PCAP

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host
ciscoasa(config)#access-list inside_test permit icmp host any
ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping This output is displayed.

ciscoasa#show capture inside_interface
1: 13:04:06.284897 > icmp: echo request

!--- The user IP address is

Note: In order to download the capture file to a system such as ethereal, you can do it as this output shows.

!--- Open an Internet Explorer and browse with this https link format:


No comments:

Post a Comment