The best way to trace a particular IP is through the use of the capture statement... First, you define an ACL to look for the specific traffic you are interested in. Then, you assign your ACL to a cap and apply the capture to the interface you want. Here is an example:


access-list cap extended permit ip host 1.1.1.1 host 2.2.2.2

capture cap access-list cap interface outside



kp_prasanna Fri, 07/13/2007 - 08:12

Thanks for the reply.


My NAT IP is 41.x.x.x, assigned to the internal 172.x.x.x. Now I need to capture the 172.x.x.x series traffic. Now give the config for the ACL and the config of the interface. What's the command to see the output?

kp_prasanna Sat, 07/14/2007 - 02:18

Hi walker,

The destination of the traffic is to the internal router.


Interested in both. We are using this PIX only for NATing, ASA5510.



Here you go...


! 41.1.1.1 is the router's public IP
access-list cap1 extended permit ip any host 41.1.1.1


access-list cap1 extended permit ip host 41.1.1.1 any


! 172.16.1.1 is the router's internal IP
access-list cap2 extended permit ip any host 172.16.1.1


access-list cap2 extended permit ip host 172.16.1.1 any


capture cap1 access-list cap1 interface outside


capture cap2 access-list cap2 interface inside


To see captures..


show capture cap1


show capture cap2


********* PLEASE RATE***************


Cheers


Jay
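The capture steps from the replies above, written out as one session from setup to teardown. This is an added example, not part of the original posts; the buffer size and the TFTP server address 192.0.2.10 are assumptions chosen for illustration.

```cisco
! Added example. Addresses are the ones used in the reply above;
! 192.0.2.10 is a placeholder TFTP server.
!
! Configuration mode: one ACL per interface, covering both directions.
! The outside interface sees the translated address and the inside
! interface sees the real one, so each ACL names the address that is
! actually on the wire at that point.
access-list cap1 extended permit ip any host 41.1.1.1
access-list cap1 extended permit ip host 41.1.1.1 any
access-list cap2 extended permit ip any host 172.16.1.1
access-list cap2 extended permit ip host 172.16.1.1 any
!
! Privileged EXEC: start the captures. The default buffer is 512 KB
! and capturing stops when it fills. "buffer" sets the size in bytes;
! "circular-buffer" overwrites the oldest packets instead of stopping.
capture cap1 access-list cap1 interface outside buffer 2000000 circular-buffer
capture cap2 access-list cap2 interface inside buffer 2000000 circular-buffer
!
! List all captures with their byte counts, then view the packets.
show capture
show capture cap1
show capture cap2
!
! Empty a buffer without removing the capture.
clear capture cap1
!
! Export in pcap format for analysis in Wireshark.
copy /pcap capture:cap1 tftp://192.0.2.10/cap1.pcap
copy /pcap capture:cap2 tftp://192.0.2.10/cap2.pcap
!
! Teardown: remove the captures, then the ACLs that fed them.
no capture cap1
no capture cap2
clear configure access-list cap1
clear configure access-list cap2
```

A capture that shows no packets on one interface usually means its ACL names an address that is not seen on that side of the translation.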

kp_prasanna Mon, 07/16/2007 - 10:28

Thanks, I am able to capture the outside traffic, whereas inside it says no packets captured....

kp_prasanna Tue, 07/17/2007 - 00:30

Thanks, I am able to capture on both. I need to capture the complete traffic on both inside & outside interfaces and store it in an FTP directory. How to do it?

Now it's getting only 958 packets. If I need to capture continuously for a day, how to go about that?

kp_prasanna Tue, 07/17/2007 - 23:03

Thanks, I have just given the outside & inside IP of the interface to the access list.


How to view the syslog messages of the PIX? We are using Linux.

kp_prasanna Tue, 07/17/2007 - 23:26

This can be done on any PC on the LAN. I have installed Wireshark.


And I tried to browse to the https given. I just get no page to display...


Regards,

prasanna

kp_prasanna Thu, 07/19/2007 - 08:33

I have only

http 192.x.x.0 255.255.255.0 management.

I need to remove it. And the management interface is down, so I can remove it and add the config given by you.


Regards,

prasanna


