Some notes on working with Cisco ASAs

Commands on an ASA 8.3 and above

Capture packets (like Linux tcpdump / Solaris snoop)

Start a Capture

\# capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [dest host (x.x.x.x/any)]

Stop the capture but keep the data

\# no capture [name] interface [interface name]

List Captures

\# show capture [name]

Delete the capture

\# no capture [name]


# capture SH interface extern match ip host any
# show capt
capture SH type raw-data [Capturing - 14486 bytes] 
  match ip host any 
# show capture SH

71 packets captured

   1: 16:47:19.884750 >  udp 42 
   2: 16:47:19.885086 >  udp 238 
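
An added example, not part of the original notes: a small Python parser that turns pasted `show capture [name]` text into per-flow packet counts and reports packet lines it could not read, such as lines whose addresses were stripped. The sample text is constructed, the IPv4 `src.port > dst.port:` line layout is an assumption, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample; addresses come from documentation ranges and the
# "src.port > dst.port:" layout is an assumption about the output format.
SAMPLE = """\
5 packets captured
   1: 16:47:19.884750 192.0.2.10.64216 > 198.51.100.53.53:  udp 42
   2: 16:47:19.885086 198.51.100.53.53 > 192.0.2.10.64216:  udp 238
   3: 16:47:20.101112 192.0.2.10.64217 > 198.51.100.53.53:  udp 42
   4: 16:47:21.000001 192.0.2.77 > 198.51.100.53: icmp: echo request
   5: 16:47:21.500000 >  udp 42
"""

PACKET = re.compile(r"^\s*(\d+):\s+(\d\d:\d\d:\d\d\.\d+)\s+(.*)$")
FLOW = re.compile(r"^(\S+)\s+>\s+([^\s:]+):\s+(.*)$")

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' into (ip, port); ICMP endpoints have no port."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def parse_capture(text):
    """Return (packets, unparsed) for pasted `show capture [name]` text."""
    packets, unparsed = [], []
    for line in text.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # banner or blank line, e.g. "5 packets captured"
        flow = FLOW.match(m.group(3))
        if not flow:
            unparsed.append(line.strip())  # report it, never drop silently
            continue
        src, sport = split_endpoint(flow.group(1))
        dst, dport = split_endpoint(flow.group(2))
        packets.append(dict(n=int(m.group(1)), time=m.group(2), src=src,
                            sport=sport, dst=dst, dport=dport, info=flow.group(3)))
    return packets, unparsed

def top_flows(packets):
    """Packet count per (src, dst, dest port), busiest flow first."""
    return Counter((p["src"], p["dst"], p["dport"]) for p in packets).most_common()

if __name__ == "__main__":
    pkts, bad = parse_capture(SAMPLE)
    print(top_flows(pkts), f"{len(bad)} packet line(s) not parsed")
```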

Packet tracer

  1. packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] (detailed)


  1. packet-tracer input external tcp 64216 53 detailed