The best way to trace a particular IP is throught the use of the capture statement... First, you define an ACL to look for the specific traffic you are interested in. Then, you assign your ACL to a cap and applyt he capture to the interface you want. Here is an example:

access-list cap extended permit ip host host

capture cap access-list cap interface outside

kp_prasanna Fri, 07/13/2007 - 08:12
User Badges:

Thanks for the reply.

my nat ip is 41.x.x.x assigned to the internal i need to capture the 172.x.x.x series give the config for the acl and config of the interface.what's the command to see the output

kp_prasanna Sat, 07/14/2007 - 02:18
User Badges:

hi walker,

The destination of the traffic is to the internal router.

interested in both.we are using this pix only for nating,asa5510.

Here you go...

access-list cap1 extended permit ip any host's public IP)

access-list cap1 extended permit ip host any

access-list cap2 extended permit ip any host (router's internal IP)

access-list cap2 extended permit ip host any

capture cap1 access-list cap1 interface outside

capture cap2 access-list cap2 interface inside

To see captures..

show capture cap1

show capture cap2

********* PLEASE RATE***************



kp_prasanna Mon, 07/16/2007 - 10:28
User Badges:

thanks, i am able to capture the outside traffic whereas inside,it says no packets captured....

kp_prasanna Tue, 07/17/2007 - 00:30
User Badges:

thanks ,i am able to capture on both.i need to capture the complete traffic both inside &outside interfaces and store in to an ftp directory,how to do it??

now its getting only 958 packets,if i need to capture for a day to go about that????

kp_prasanna Tue, 07/17/2007 - 23:03
User Badges:

thanks,i have just given the outside &inside ip of the interface to the access list,

how to view the syslog messages of the pix?we r using linux..

kp_prasanna Tue, 07/17/2007 - 23:26
User Badges:

This can be done on any pc on the lan.i have installed wireshark.

and i tried to browse to the https given.i just no page to display...



kp_prasanna Thu, 07/19/2007 - 08:33
User Badges:

i have only

http 192.x.x.0 management.

i need to remove it.and the management interface is down,so i can remove it and add the config given by u.




This Discussion