Debug command

sivakumar.ks
Level 1

Is there any manual on how to use the debug command specific to a packet or IP address? It takes a lot of memory if I run it randomly.

vitripat
Level 7

Debug command was the old way of capturing the packets. This command has been deprecated in 7.x versions. There is a better way available to capture the packets. For that we can use the "capture" command. Here is an example-

Suppose there is a host a.a.a.a on the inside interface of PIX/ASA and I need to capture all the outbound packets from this host. For this, I can apply captures using the following commands-

-> access-list capi permit ip host a.a.a.a any

-> capture cpi access-list capi buffer 1000000 packet-length 1518 interface inside

Using access-list gives me more strength and granularity to capture only the packets I need. Later I use that access-list in the capture command. To download the capture files, I need to point my browser to-

https://interface_ip/capture/cpi/pcap

(assuming PDM/ASDM is installed)

You can also use "copy" command to transfer the capture file to a tftp server.

Link for capture command-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1950270

Link for copy command-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1970556

Hope this is helpful.

Regards,

Vibhor.

Hi,

Thanks for your response. Do we need to apply the access-list exclusively to an interface? Is the above access-list capi independent of the existing access-list?

Regards,

siva

We don't need to apply this access-list on any interface. It is completely independent of existing access-lists on the device. The sole purpose of these ACLs is to match the traffic we need to capture by using them in the capture command.
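
The capture workflow described in this thread, carried through from matching to cleanup, as an added example that is not part of the original posts. It extends the ACL to match return traffic as well; a.a.a.a is the thread's own placeholder, while t.t.t.t (a TFTP server) and the file name cpi.pcap are assumed placeholders.

```cisco
! Added example. Placeholders: a.a.a.a = host of interest (from the thread),
! t.t.t.t = TFTP server (assumed), cpi.pcap = output file name (assumed).

! 1. Capture-only ACL. It is never bound to an interface with access-group,
!    so it does not change what the firewall permits or denies.
access-list capi permit ip host a.a.a.a any
! Second entry (an addition to the thread's example) also matches replies
! going back to the host.
access-list capi permit ip any host a.a.a.a

! 2. Start the capture on the inside interface. "buffer" is in bytes and caps
!    the memory the capture can use; "packet-length" caps the bytes stored
!    per packet.
capture cpi access-list capi buffer 1000000 packet-length 1518 interface inside

! 3. Inspect the captured packets on the CLI.
show capture cpi

! 4. Export the buffer in pcap format to the TFTP server.
copy /pcap capture:cpi tftp://t.t.t.t/cpi.pcap

! 5. Clean up: remove the capture (this frees its buffer), then the ACL entries.
no capture cpi
no access-list capi permit ip host a.a.a.a any
no access-list capi permit ip any host a.a.a.a
```

Lowering the buffer and packet-length values reduces the memory a capture holds, which addresses the concern in the original question.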
