ASA packet captures in pcap format
Nov 18, 2016
Using Capture on the ASA Security Appliances
Step 1: Create an access-list that matches the traffic to capture
access-list mycap extended permit ip host 18.104.22.168 any
access-list mycap extended permit ip any host 22.214.171.124
Step 2: Type show to see the access-list: show access-list mycap
Step 3: Create the capture by typing capture [name of capture] access-list [name of access-list] interface [interface of traffic to capture]
Example: capture mycap access-list mycap interface outside
Example (using match instead of an access-list): capture mycap interface [outside] match ip host [source] host [dest]
Step 4: Type show capture to view current captures.
Step 5: Type show capture mycap to see mycap capture.
Note: mycap is just the name you gave to the capture file.
Step 6: Once traffic has been captured, open a web browser and go to https://[name of asa]/capture/[name of capture]/pcap to download the capture file (pcap), then view it in a packet capture utility like Wireshark.
Optional: Capture without building an ACL.
capture mycap interface outside match ip host [source] host [dest]
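A quick check of the file downloaded in Step 6, as an added example that is not part of the original post: this Python sketch confirms the download really is a pcap with Ethernet framing and counts IPv4 source/destination pairs so they can be compared against the hosts in the access-list. The function names and the sample capture (built from documentation addresses) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# pcap magic bytes -> struct byte-order prefix (micro- and nanosecond variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def ipv4_pairs(data):
    """Return a Counter of (src, dst) IPv4 pairs found in pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a pcap file")
    order = MAGICS[data[:4]]
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("unsupported link type %d (expected Ethernet)" % linktype)
    pairs, off = Counter(), 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len, orig_len
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:]
        pairs[(socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]))] += 1
    return pairs

def unexpected(pairs, hosts):
    """Pairs where neither endpoint is one of the hosts named in the ACL."""
    return [p for p in pairs if p[0] not in hosts and p[1] not in hosts]

def sample_pcap():
    """Constructed two-packet capture (documentation addresses), not real traffic."""
    def rec(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + rec("192.0.2.10", "198.51.100.20") + rec("198.51.100.20", "192.0.2.10")

if __name__ == "__main__":
    for pair, count in ipv4_pairs(sample_pcap()).items():
        print(pair, count)
```

To check a real download, pass the bytes of the saved file to ipv4_pairs() and the access-list hosts to unexpected().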