Guest

Security

Episode 1 TAC Security Show Notes

Using the Packet Capture Utility for Troubleshooting

Show notes:

The following example shows the use of the 'match' argument with packet captures:

ciscoasa# capture in interface inside buffer 2000000

ciscoasa# capture in match ip any host 192.85.1.3

ciscoasa#

ciscoasa# capture out interface outside buffer 2000000

ciscoasa# capture out match ip any host

ciscoasa#

ciscoasa# show capture capture in type raw-data buffer 2000000

interface inside buffer 2000000 interface inside [Capturing - 586 bytes]


match ip any host 192.85.1.3


capture out type raw-data buffer 2000000 interface GAT_outside [Capturing - 922 bytes]


match ip any host 192.85.1.3


ciscoasa/FW# ciscoasa/FW# show cap in


6 packets captured


1: 12:04:06.482625 192.85.1.3 > 192.85.1.2: icmp: echo request

2: 12:04:06.482915 192.85.1.2 > 192.85.1.3: icmp: echo reply

3: 12:04:07.478216 192.85.1.3 > 192.85.1.2: icmp: echo request

4: 12:04:07.478307 192.85.1.2 > 192.85.1.3: icmp: echo reply

5: 12:04:08.478139 192.85.1.3 > 192.85.1.2: icmp: echo request

6: 12:04:08.478231 192.85.1.2 > 192.85.1.3: icmp: echo reply


ciscoasa/FW#