Difference between revisions of "Asa"

From S23Wiki
(Created page with " = Some notes on working with Cisco ASA's = = Commands on an asa 8.3 and above = == Capture packets (like linux tcpdump/ Solaris snoop) == === Start a Capture === # cap...")
 
Line 25: Line 25:
  
 
=== Example ===  
 
=== Example ===  
# capture SH interface extern match ip host 10.10.10.10 any
+
# capture SH interface extern match ip host 10.10.10.10 any
  
# show capt
+
# show capt
capture SH type raw-data [Capturing - 14486 bytes]  
+
capture SH type raw-data [Capturing - 14486 bytes]  
  match ip host 10.10.10.10 any  
+
  match ip host 10.10.10.10 any  
  
# show capture SH
+
# show capture SH
 +
 +
71 packets captured
 +
 +
    1: 16:47:19.884750      10.10.10.3.64216 > 10.10.10.10.53:  udp 42
 +
    2: 16:47:19.885086      10.10.10.10.53 > 10.10.10.3.64216:  udp 238
 +
...
  
71 packets captured
 
  
  1: 16:47:19.884750      10.10.10.3.64216 > 10.10.10.10.53:  udp 42
 
  2: 16:47:19.885086      10.10.10.10.53 > 10.10.10.3.64216:  udp 238
 
...
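Review bot: The example stops at `show capture SH` with the capture still reported as `[Capturing - 14486 bytes]`, so it never shows the capture being stopped or removed. Consider ending the example with `no capture SH`, so that a reader who follows it does not leave a capture running on the extern interface.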
 
  
  
Line 43: Line 45:
 
== packet tracer ===
 
== packet tracer ===
  
# packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] detailed
+
# packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] (detailed)
  
  
 
=== Example ===
 
=== Example ===
  
# packet-tracer input extern tcp 5.159.230.98 40432 109.174.153.4 5060 detailed
+
# packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed
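Review bot: The context heading `== packet tracer ===` has two opening and three closing equals signs, so it will render with a stray `=` instead of as a clean heading; balance the markers while this section is being edited. The new example also uses interface `external` while the capture example in the previous hunk uses `extern`, and the syntax line still reads "protical" and "desk port"; it would be worth making the interface name consistent and correcting these to "protocol" and "dest port" in the same edit.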

Revision as of 08:07, 1 July 2014

Some notes on working with Cisco ASAs

Commands on an ASA 8.3 and above

Capture packets (like linux tcpdump/ Solaris snoop)

Start a Capture

# capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [dest host (x.x.x.x/any)]

Stop the capture but keep the data

# no capture [name] interface [interface name]


List Captures

# show capture [name]

Delete the capture

# no capture [name]


Example

# capture SH interface extern match ip host 10.10.10.10 any
# show capt
capture SH type raw-data [Capturing - 14486 bytes] 
  match ip host 10.10.10.10 any 
# show capture SH

71 packets captured

   1: 16:47:19.884750       10.10.10.3.64216 > 10.10.10.10.53:  udp 42 
   2: 16:47:19.885086       10.10.10.10.53 > 10.10.10.3.64216:  udp 238 
...
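
An added example, not part of the original wiki notes: a Python parser for pasted `show capture` output that merges both directions of a flow and flags output that holds fewer packet lines than the header declares. It assumes only the line shape shown in the example above; the function names are illustrative.

```python
import re
from collections import defaultdict
# Constructed sample: the `show capture SH` output from the example above.
SAMPLE = """\
71 packets captured

   1: 16:47:19.884750       10.10.10.3.64216 > 10.10.10.10.53:  udp 42
   2: 16:47:19.885086       10.10.10.10.53 > 10.10.10.3.64216:  udp 238
...
"""

HEADER = re.compile(r"^\s*(\d+) packets? captured")
# Assumption: only the "addr.port > addr.port:  proto length" shape seen above.
PACKET = re.compile(
    r"^\s*(\d+):\s+(\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):\s+(\w+)\s+(\d+)\s*$"
)
FIELDS = ("seq", "time", "src", "sport", "dst", "dport", "proto", "length")

def parse_capture(text):
    """Return (declared_count, packets, skipped_lines)."""
    declared, packets, skipped = None, [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        header, packet = HEADER.match(line), PACKET.match(line)
        if header:
            declared = int(header.group(1))
        elif packet:
            rec = dict(zip(FIELDS, packet.groups()))
            for k in ("seq", "sport", "dport", "length"):
                rec[k] = int(rec[k])
            packets.append(rec)
        else:
            skipped.append(line.strip())  # e.g. the "..." elision marker
    return declared, packets, skipped

def conversations(packets):
    """Merge both directions of a flow and total packets and lengths."""
    convs = defaultdict(lambda: {"packets": 0, "length": 0})
    for p in packets:
        ends = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
        conv = convs[(p["proto"], *ends)]
        conv["packets"] += 1
        conv["length"] += p["length"]
    return dict(convs)

def is_truncated(declared, packets):
    return declared is not None and declared != len(packets)  # header vs lines seen
```

On the sample, the header declares 71 packets but only two lines are present, so `is_truncated` returns True and the single DNS conversation totals two packets.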



packet tracer

# packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] (detailed)


Example

# packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed