Difference between revisions of "Asa"

From S23Wiki

Revision as of 08:04, 1 July 2014

Some notes on working with Cisco ASAs

Commands on an ASA 8.3 and above

Capture packets (like Linux tcpdump / Solaris snoop)

Start a Capture

  # capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [dest host (x.x.x.x/any)]

Stop the capture but keep the data

  # no capture [name] interface [interface name]

List Captures

  # show capture [name]

Delete the capture

  # no capture [name]

Example

  # capture SH interface extern match ip host 10.10.10.10 any
  # show capt

capture SH type raw-data [Capturing - 14486 bytes]
 match ip host 10.10.10.10 any

  # show capture SH

71 packets captured

  1: 16:47:19.884750       10.10.10.3.64216 > 10.10.10.10.53:  udp 42 
  2: 16:47:19.885086       10.10.10.10.53 > 10.10.10.3.64216:  udp 238 

...
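When a capture runs to dozens of packets, it is easier to triage offline. The following is an added example, not part of the original wiki notes: a small Python parser for pasted `show capture` output in the format shown above, which groups packets into flows. The function names are hypothetical, the sample is constructed (its first two packet lines are the ones above), and the ICMP line format in the sample is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample; packets 1 and 2 are the lines shown in the example above.
SAMPLE = """\
71 packets captured

   1: 16:47:19.884750       10.10.10.3.64216 > 10.10.10.10.53:  udp 42
   2: 16:47:19.885086       10.10.10.10.53 > 10.10.10.3.64216:  udp 238
   3: 16:47:20.101200       10.10.10.3.64217 > 10.10.10.10.53:  udp 40
   4: 16:47:21.000100       10.10.10.3 > 10.10.10.10: icmp: echo request
"""

PACKET = re.compile(
    r"^\s*(?P<num>\d+):\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+(?P<info>.*\S)"
)

def split_endpoint(text):
    """'10.10.10.10.53' -> ('10.10.10.10', 53); without a port -> (text, None)."""
    parts = text.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return text, None

def parse_capture(output):
    """Return one dict per packet line; the header and blank lines are skipped."""
    packets = []
    for m in filter(None, map(PACKET.match, output.splitlines())):
        src_ip, src_port = split_endpoint(m["src"])
        dst_ip, dst_port = split_endpoint(m["dst"])
        words = m["info"].split()
        proto = words[0].rstrip(":")
        has_len = proto == "udp" and len(words) > 1 and words[1].isdigit()
        packets.append({"time": m["time"], "proto": proto,
                        "src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip,
                        "dst_port": dst_port, "udp_len": int(words[1]) if has_len else None})
    return packets

def flows(packets):
    """Map (src_ip, dst_ip, dst_port, proto) -> (packet count, sum of 'udp N' values)."""
    totals = defaultdict(lambda: [0, 0])
    for p in packets:
        entry = totals[(p["src_ip"], p["dst_ip"], p["dst_port"], p["proto"])]
        entry[0] += 1
        entry[1] += p["udp_len"] or 0
    return {key: tuple(value) for key, value in totals.items()}
```

Calling `flows(parse_capture(text))` on the pasted output gives one entry per direction and destination port, so a single client sending many queries to port 53 stands out at a glance.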


Packet tracer

  # packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] detailed


Example

  # packet-tracer input extern tcp 5.159.230.98 40432 109.174.153.4 5060 detailed