Copy capture buffer via tftp using pcap keyword

Unanswered Question
Apr 29th, 2008

I am running FWSM Firewall Version 3.2(3). I am trying to copy the contents of my capture buffer so that I can look at it with Wireshark. The documentation states that you can use the pcap keyword for this. I cannot get the firewall to recognize said keyword. Documentation states this was introduced in 2.2(1). Has anyone done this? Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

If the FWSM works like a PIX/ASA, this should work.

1. Create an ACL to capture the "interesting" traffic

ex. access-list cap1 extended permit ip host host

2. Create a capture to use your ACL

ex. cap my_cap access-list cap1 interface outside

3. View the capture

ex. show cap my_cap

4. Download the cap (ASDM must be setup)

ex. https:///cap/cap1/pcap



This Discussion