Capturing Live traffic on PIX

Unanswered Question
Dec 29th, 2008

How to see the live traffic on the PIX interfaces? Do we have to use the tcpdump command as we use in Checkpoint, or are there other commands to view live traffic?

cisco24x7 Sun, 01/04/2009 - 19:44

PIX "capture" does not show live traffic like Checkpoint tcpdump or fw monitor. You have to use "show capture xxx" to view traffic. By the time you see it, it is not live anymore.

tcpdump and "fw monitor" show you actual live traffic on the interface.

Collin Clark Mon, 01/05/2009 - 05:44

A PIX doesn't have tcpdump nor fw monitor. This is a PIX not a Checkpoint.

cisco24x7 Mon, 01/05/2009 - 06:09

The original poster asked "How to see the live traffic on the PIX interfaces."

capture does not have the ability to let users look at live traffic. That's my point.

sachinraja Mon, 01/05/2009 - 12:26

Hello sukh,

Connect the PIX inside interface through a switch, and do port mirroring on the switch to capture all traffic flowing through that PIX. Use the SPAN feature of the switch to mirror the port. As others said, there is no inbuilt command or feature in PIX to do this functionality.

Hope this helps. All the best.


sean.lagerholm Mon, 01/05/2009 - 13:30

A couple of things I do with either PIX or ASA to watch live traffic:

1. Syslog, just be sure to have a syslog server (easier to sift through) and log to informational level.

2. Can look at output from show conn (not as helpful, but you can grep or | inc for specific IPs). This is more of a sanity type of check.
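
One way to sift informational-level syslog for a specific IP, as suggested in the post above. This is an added example, not code from any poster in this thread; the sample lines are constructed, and the message layout is assumed to follow the firewall's 302013 (Built) and 302014 (Teardown) TCP connection messages.

```python
import re

# Constructed sample lines, written in the style of the firewall's
# informational (level 6) connection messages 302013 and 302014.
SAMPLE_LOG = """\
Jan 05 2009 13:30:01 fw1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.5/51234 (203.0.113.5/51234)
Jan 05 2009 13:30:02 fw1 %PIX-6-302013: Built outbound TCP connection 1002 for outside:192.0.2.20/443 (192.0.2.20/443) to inside:10.1.1.9/40000 (203.0.113.9/40000)
Jan 05 2009 13:30:06 fw1 %PIX-6-302014: Teardown TCP connection 1001 for outside:192.0.2.10/80 to inside:10.1.1.5/51234 duration 0:00:05 bytes 4321 TCP FINs
Jan 05 2009 13:30:07 fw1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.1.1.5/22 by access-group "outside_in"
"""

# Assumed layout: "Built <dir> TCP connection <id> for <if>:<ip>/<port> (...) to <if>:<ip>/<port>"
BUILT = re.compile(
    r"%(?:PIX|ASA)-6-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<a_if>\S+?):(?P<a_ip>[\d.]+)/(?P<a_port>\d+) \(.*?\) "
    r"to (?P<b_if>\S+?):(?P<b_ip>[\d.]+)/(?P<b_port>\d+)")
# Assumed layout: "Teardown TCP connection <id> ... duration <h:mm:ss> bytes <n>"
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<id>\d+) .*?"
    r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+)")


def connections_for(log_text, ip):
    """Correlate Built/Teardown messages for TCP connections that involve `ip`."""
    conns = {}
    for line in log_text.splitlines():
        built = BUILT.search(line)
        if built and ip in (built["a_ip"], built["b_ip"]):
            conns[built["id"]] = {
                "direction": built["dir"],
                "peer_a": f'{built["a_if"]}:{built["a_ip"]}/{built["a_port"]}',
                "peer_b": f'{built["b_if"]}:{built["b_ip"]}/{built["b_port"]}',
                "state": "open",  # no Teardown seen yet
            }
            continue
        down = TEARDOWN.search(line)
        if down and down["id"] in conns:  # match Teardown to its Built by ID
            conns[down["id"]].update(
                state="closed", duration=down["dur"], bytes=int(down["bytes"]))
    return conns


if __name__ == "__main__":
    for conn_id, info in connections_for(SAMPLE_LOG, "10.1.1.5").items():
        print(conn_id, info)
```

Connections still marked "open" have a Built message but no Teardown yet, which is roughly the set that show conn would list for that IP at that moment.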

h.parsons Tue, 01/06/2009 - 08:42

What version of code are you running? The ASDM is useful unless you are wanting to see more than just syslog type of traffic.

