Some notes on working with Cisco ASAs
Commands for ASA 8.3 and above
Capture packets (like Linux tcpdump / Solaris snoop)
Start a Capture
\# capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] [source (host x.x.x.x | any)] [dest (host x.x.x.x | any)]
For tcp/udp a port can be appended to either side with eq [port]. The match addresses are the addresses as seen on that interface (pre-NAT on the ingress interface, post-NAT on the egress interface). The buffer defaults to 512 KB and stops filling when full; use buffer [bytes] and/or circular-buffer on the capture command if the trace needs to run longer.
Stop the capture but keep the data
\# no capture [name] interface [interface name]
This only detaches the capture from the interface; the buffer and its packets stay until the capture itself is deleted.
List captures (without a name: all captures and their buffer state; with a name: the captured packets)
\# show capture [name]
Append detail for full headers or dump for a hex dump of each packet.
Delete the capture (this discards the buffer as well)
\# no capture [name]
To keep the data, export it as a pcap first, e.g. copy /pcap capture:[name] tftp://[server]/[file].pcap, and open it in Wireshark.
Example
\# capture SH interface extern match ip host 10.10.10.10 any
\# show capt
capture SH type raw-data [Capturing - 14486 bytes]
  match ip host 10.10.10.10 any
\# show capture SH
71 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53:  udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216:  udp 238
...
The first two packets are a DNS query from 10.10.10.3 to 10.10.10.10 on udp/53 and its reply; the output uses the same timestamp / src.port > dst.port / protocol layout as tcpdump.
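The show capture output above is tcpdump-style text, which is handy to read but awkward to summarize once a buffer holds hundreds of packets. The following is an added example (not part of the original notes, and not something the ASA provides) that parses that text into records and counts packets and payload bytes per conversation. Packets 1 and 2 are the two lines shown above; the TCP and ICMP lines in the sample are constructed here to cover the other formats the ASA prints, and the parser assumes IPv4 addresses.

```python
"""Parse Cisco ASA `show capture NAME` output into structured records and
summarize it per bidirectional conversation.

Added example for these notes; the ASA has no such parser. Packets 1 and 2
are the lines from the example above; the TCP and ICMP lines are constructed
to exercise the other tcpdump-style formats the ASA prints. IPv4 only.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample output of `show capture SH` (see module docstring).
SAMPLE_SHOW_CAPTURE = """\
71 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53:  udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216:  udp 238
   3: 16:47:20.102311 10.10.10.3.51822 > 10.10.10.10.443: S 1790184921:1790184921(0) win 8192 <mss 1460,nop,wscale 8,sackOK>
   4: 16:47:20.102790 10.10.10.10.443 > 10.10.10.3.51822: S 3304118611:3304118611(0) ack 1790184922 win 29200 <mss 1460>
   5: 16:47:20.103005 10.10.10.3.51822 > 10.10.10.10.443: P 1790184922:1790185439(517) ack 3304118612 win 256
   6: 16:47:21.000120 10.10.10.3 > 10.10.10.10: icmp: echo request
71 packets shown
"""

# "<seq>: <hh:mm:ss.usec> <src> > <dst>: <rest>"; header/footer lines do not match.
LINE_RE = re.compile(
    r"^\s*(?P<seq>\d+):\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<rest>.*)$"
)
UDP_RE = re.compile(r"^udp\s+(?P<len>\d+)")      # "udp 42" -> 42 payload bytes
TCP_FLAGS_RE = re.compile(r"^[SFRP.]+\s")        # old tcpdump flag letters S F R P .
TCP_LEN_RE = re.compile(r"\((?P<len>\d+)\)")     # "seq:seq(517)" -> 517 payload bytes

Endpoint = Tuple[str, Optional[int]]


@dataclass(frozen=True)
class CapturedPacket:
    seq: int
    time: str
    proto: str        # "udp", "tcp", "icmp" or "other"
    src: Endpoint     # (ip, port); port is None when the line carries none
    dst: Endpoint
    length: int       # payload bytes where the ASA prints them, else 0
    detail: str       # remainder of the line (TCP flags/seq, ICMP type, ...)


def _endpoint(text: str, has_port: bool) -> Endpoint:
    """Split "10.10.10.3.64216" into ("10.10.10.3", 64216); ICMP lines have no port."""
    if not has_port:
        return text, None
    ip, _, port = text.rpartition(".")
    return ip, int(port)


def parse_show_capture(text: str) -> List[CapturedPacket]:
    packets: List[CapturedPacket] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "71 packets captured", "71 packets shown", blank lines
        rest = m["rest"].strip()
        if rest.startswith("icmp"):
            proto, length, has_port = "icmp", 0, False
        elif (udp := UDP_RE.match(rest)):
            proto, length, has_port = "udp", int(udp["len"]), True
        elif TCP_FLAGS_RE.match(rest):
            tcp_len = TCP_LEN_RE.search(rest)
            proto, length, has_port = "tcp", (int(tcp_len["len"]) if tcp_len else 0), True
        else:
            proto, length, has_port = "other", 0, False  # e.g. esp/gre: endpoints kept raw
        packets.append(CapturedPacket(
            seq=int(m["seq"]), time=m["time"], proto=proto,
            src=_endpoint(m["src"], has_port), dst=_endpoint(m["dst"], has_port),
            length=length, detail=rest,
        ))
    return packets


def _sort_key(ep: Endpoint):
    return (ep[0], -1 if ep[1] is None else ep[1])


def conversation_summary(packets: List[CapturedPacket]) -> Dict[tuple, Tuple[int, int]]:
    """(packets, payload bytes) per conversation keyed (proto, endpoint_a, endpoint_b).

    Endpoints are put in a fixed order so both directions of a flow share a bucket.
    """
    pkts: Counter = Counter()
    payload: Counter = Counter()
    for p in packets:
        a, b = sorted([p.src, p.dst], key=_sort_key)
        key = (p.proto, a, b)
        pkts[key] += 1
        payload[key] += p.length
    return {k: (pkts[k], payload[k]) for k in pkts}


if __name__ == "__main__":
    parsed = parse_show_capture(SAMPLE_SHOW_CAPTURE)
    for pkt in parsed:
        print(pkt.seq, pkt.time, pkt.proto, pkt.src, "->", pkt.dst, pkt.length)
    for conv, (n, nbytes) in conversation_summary(parsed).items():
        print(conv, f"{n} packets, {nbytes} payload bytes")
```

Feed it the text of show capture [name] copied from the terminal (or pulled over SSH); the summary groups both directions of a flow under one key, so a DNS query and its reply count as one conversation with two packets.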
Packet tracer
- packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] (detailed)
For icmp the two numbers are the ICMP type and code rather than ports. Give the addresses as they would arrive on the input interface; the ASA then walks the simulated packet through its route lookup, ACL, NAT and inspection phases and reports the result of each.
Example
- packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed
The output ends with the overall Action (allow or drop) and, for a drop, the phase and drop reason, which is usually faster than reading the ACL and NAT configuration by hand.