Copy capture buffer via tftp using pcap keyword

Unanswered Question
Apr 29th, 2008
User Badges:

I am running FWSM Firewall Version 3.2(3). I am trying to copy the contents of my capture buffer so that I can look at it with Wireshark. The documentation states that you can use the pcap keyword for this. I cannot get the firewall to recognize said keyword. Documentation states this was introduced in 2.2(1). Has anyone done this? Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jwalker@swinc.com Tue, 04/29/2008 - 13:42
User Badges:
  • Silver, 250 points or more

If the FWSM works like a PIX/ASA, this should work.


1. Create an ACL to capture the "interesting" traffic


ex. access-list cap1 extended permit ip host 1.1.1.1 host 2.2.2.2


2. Create a capture to use your ACL


ex. cap my_cap access-list cap1 interface outside


3. View the capture


ex. show cap my_cap


4. Download the cap (ASDM must be setup)


ex. https:///cap/cap1/pcap


Jay

Actions

This Discussion