Copy capture buffer via tftp using pcap keyword

Unanswered Question
Apr 29th, 2008
User Badges:

I am running FWSM Firewall Version 3.2(3). I am trying to copy the contents of my capture buffer so that I can look at it with Wireshark. The documentation states that you can use the pcap keyword for this. I cannot get the firewall to recognize said keyword. Documentation states this was introduced in 2.2(1). Has anyone done this? Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading. Tue, 04/29/2008 - 13:42
User Badges:
  • Silver, 250 points or more

If the FWSM works like a PIX/ASA, this should work.

1. Create an ACL to capture the "interesting" traffic

ex. access-list cap1 extended permit ip host host

2. Create a capture to use your ACL

ex. cap my_cap access-list cap1 interface outside

3. View the capture

ex. show cap my_cap

4. Download the cap (ASDM must be setup)

ex. https:///cap/cap1/pcap



This Discussion