02-21-2007 08:26 PM - edited 03-11-2019 02:36 AM
Any manual of how to use debug command specific to a packet or IP address. Since it take lot of memory if I run that randomly.
Solved! Go to Solution.
02-22-2007 08:02 PM
We dont need to apply this access-list on any interface. It is completely independent of existing access-lists on device. The sole pupose of these ACLs is to match the traffic we need to capture by using them in the capture command.
02-22-2007 03:45 AM
Debug command was the old way of capturing the packets. This command has been deprecated in 7.x versions. There is a better way available to capture the packets. For that we can use the "capture" command. Here is an example-
suppose there is a host a.a.a.a on the inside interface of PIX/ASA and I need to capture all the outbound packets from this host. For this, I can apply captures using folloaing commands-
-> access-list capi permit ip host a.a.a.a any
-> capture cpi access-list capi buffer 1000000 packet-length 1518 interface inside
Using access-list gives me more strength and granularity to capture only the packets I need. Later I use that access-list in the capture command. To download the capture files, I need to point my browser to-
https://interface_ip/capture/cpi/pcap
(assuming PDM/ASDM is installed)
You can also use "copy" command to transfer the capture file to a tftp server.
Link for capture command-
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1950270
Link for copy command-
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1970556
Hope this is helpful.
Regards,
Vibhor.
02-22-2007 07:23 PM
Hi ,
Thanks for your response. Do we need to apply accesslist exclusively to an interface. Do the above access-list capi is independent of exisiting access-list.
Regards,
siva
02-22-2007 08:02 PM
We dont need to apply this access-list on any interface. It is completely independent of existing access-lists on device. The sole pupose of these ACLs is to match the traffic we need to capture by using them in the capture command.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: