Ben Shuman's Blog - From One Geek To Another - ASA packet captures in pcap format

ASA packet captures in pcap format

Nov 182016

Using Capture on the ASA Security Appliances

Step 1: Create an access-list to capture to
Example:
access-list mycap extended permit ip host 8.8.8.8 any
access-list mycap extended permit ip any host 8.8.8.8

Step 2: Type show to see the access-list: show access-list mycap

Step 3: Create the capture by typing capture [name of capture] access-list [name of access-list] interface [interface of traffic to capture]
Example: capture mycap access-list mycap interface outside
Example: capture mycap interface [outside] match ip host [source] host [dest]

Step 4: Type show capture to view current captures.

Step 5: Type show capture mycap to see mycap capture.
Note: Mycap is just a name you gave to the capture file.

Step 6: Once a file is captured you can open a web browser and type: https://[name of asa]/capture/[name of capture]/pcap to download the capture file (pcap) and view it in a packet capture utility like Wireshark.
Example: https://192.168.1.1/capture/mycap/pcap

Optional: Capture without building an ACL.
Example:
capture mycap interface outside match ip host [source] host [dest]

Tags:
cisco, asa, capture

ASA packet captures in pcap format

There are no published comments.