Trace traffic On 515 firewall

Unanswered Question
Mar 2nd, 2007

I would need help on how I can trace and capture traffic on the above firewall.

I need to prove to my IS guys that the firewall has no problems.

hoogen_82 Fri, 03/02/2007 - 08:11

What kind of traffic are you trying to trace? What is the problem that you are facing?

ICMP packet trace can be enabled by issuing the debug icmp trace command; to stop it, enter no debug icmp trace.

Cheers

Hoogen

suschoud Fri, 03/02/2007 - 10:59

Following is the method to take captures on PIX:

Issue with communication between a client on inside interface and a server on outside interface.

Replace IP addresses appropriately-

access-list cpo permit ip host host

access-list cpo permit ip host host

capture capo access-list cpo buffer 2000000 packet-length 1518 interface outside

access-list cpi permit ip host host

access-list cpi permit ip host host

capture capi access-list cpi buffer 2000000 packet-length 1518 interface inside

SRC_IP : This is the original IP address of client from where request is being generated

XSRC_IP : This is the translated IP address of the inside client. IP address to which inside client is translated when going outbound.

DST_IP : This is the Destination IP address.

Alternatively, captures on both interfaces can be taken in a single capture file.

access-list cap permit ip host host

access-list cap permit ip host host

access-list cap permit ip host host

access-list cap permit ip host host

capture capio access-list cap buffer 2000000 packet-length 1518 interface outside interface inside

To download the captures:

Using a machine with PDM access-

https://interface_IP/capture/capo/pcap

--> save file as outside.cap

(Captures on outside interface)

https://interface_IP/capture/capi/pcap

--> save file as inside.cap

(Captures on inside interface)

https://interface_IP/capture/capio/pcap

--> save file as inout.cap

(Captures on inside and outside interface)

If PDM is not available, captures can be sent to a TFTP server using following commands-

copy capture:capo tftp://x.x.x.x/outside.cap pcap

(Captures on outside interface of PIX, capture file will be saved as "outside.cap")

copy capture:capi tftp://x.x.x.x/inside.cap pcap

(Captures on outside interface of PIX, capture file will be saved as "inside.cap")

copy capture:capio tftp://x.x.x.x/inout.cap pcap

(Captures on inside and outside interface of PIX, capture file will be saved as "inout.cap")

x.x.x.x : IP address of TFTP server.

------

do not forget to rate this. :)
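An added example, not part of the original post: once inside.cap and outside.cap have been downloaded, this Python script lists client-to-server packets that were captured on the inside interface but never appeared, translated, on the outside interface. The function names, the sample addresses and the pairing on the IP ID field are assumptions of this example; the captures are assumed to be classic pcap files with Ethernet framing.

```python
import struct

LE, BE = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"  # classic pcap magic numbers

def read_pcap(data):
    """Yield (ip_id, src, dst) for every IPv4-over-Ethernet frame in a pcap."""
    if data[:4] not in (LE, BE):
        raise ValueError("not a classic pcap file")
    end = "<" if data[:4] == LE else ">"
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            ip = frame[14:34]
            yield (struct.unpack("!H", ip[4:6])[0],
                   ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])))

def missing_on_outside(inside, outside, src_ip, xsrc_ip, dst_ip):
    """IP IDs of client->server packets captured inside but never outside.

    NAT rewrites SRC_IP to XSRC_IP, so packets are paired on the IP ID field
    (assumption: the firewall forwards the IP ID unchanged).
    """
    seen = {i for i, s, d in read_pcap(outside) if (s, d) == (xsrc_ip, dst_ip)}
    return [i for i, s, d in read_pcap(inside)
            if (s, d) == (src_ip, dst_ip) and i not in seen]

def build_pcap(packets):
    """Constructed sample data: a minimal pcap from (ip_id, src, dst) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1518, 1)
    for ip_id, src, dst in packets:
        addr = lambda a: bytes(map(int, a.split(".")))
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, 64, 6, 0,
                         addr(src), addr(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed addresses (documentation ranges), standing in for the placeholders.
SRC_IP, XSRC_IP, DST_IP = "10.1.1.10", "203.0.113.5", "198.51.100.20"
INSIDE = build_pcap([(i, SRC_IP, DST_IP) for i in (1, 2, 3)])
OUTSIDE = build_pcap([(i, XSRC_IP, DST_IP) for i in (1, 3)])

if __name__ == "__main__":
    # With real files: open("inside.cap", "rb").read(), open("outside.cap", "rb").read()
    print("seen inside, missing outside:",
          missing_on_outside(INSIDE, OUTSIDE, SRC_IP, XSRC_IP, DST_IP))
```

An empty result means every matching packet that entered on the inside interface also left on the outside interface, which is the evidence the original question asks for.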
