Capturing Live traffic on PIX

Unanswered Question
Dec 29th, 2008

How to see the live traffic on the PIX interfaces? Do we have to use the tcpdump command as we use in Checkpoint, or are there other commands to view live traffic?

cisco24x7 Sun, 01/04/2009 - 19:44

PIX "capture" does not show live traffic like Checkpoint tcpdump or fw monitor. You have to use "show capture xxx" to view traffic. By the time you see it, it is not live anymore.

tcpdump and "fw monitor" show you actual live traffic on the interface.

Collin Clark Mon, 01/05/2009 - 05:44

A PIX doesn't have tcpdump nor fw monitor. This is a PIX not a Checkpoint.

cisco24x7 Mon, 01/05/2009 - 06:09

The original poster asked "How to see the live traffic on the PIX interfaces."

Capture does not have the ability to let users look at live traffic. That's my point.

sachinraja Mon, 01/05/2009 - 12:26

Hello sukh,

Connect the PIX inside interface through a switch, and do port mirroring on the switch to capture all traffic flowing through that PIX. Use the SPAN feature of the switch to mirror the port. As others said, there is no built-in command or feature in PIX to do this.

Hope this helps. All the best.

Raj

sean.lagerholm Mon, 01/05/2009 - 13:30

A couple of things I do with either PIX or ASA to watch live traffic:

1. Syslog: just be sure to have a syslog server (easier to sift through) and log to informational level.

2. Can look at output from show conn (not as helpful, but you can grep or | inc for specific IPs). This is more of a sanity type of check.
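
The syslog approach in the post above, sketched for the syslog-server side; this is an added example, not part of the thread. It assumes the firewall logs connection build/teardown messages 302013 to 302016 at informational level in the layout shown, and the sample lines, host name and addresses are constructed.

```python
import re
import time

# Assumed layout of PIX/ASA messages 302013-302016 (Built/Teardown TCP/UDP),
# which are emitted at syslog level 6 (informational).
CONN_RE = re.compile(
    r"%(?:PIX|ASA)-6-30201[3-6]: (?P<event>Built|Teardown) "
    r"(?:(?P<dir>inbound|outbound) )?(?P<proto>TCP|UDP) connection (?P<id>\d+) "
    r"for (?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+)(?: \([^)]*\))? "
    r"to (?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+)"
    r"(?:.*? duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+))?"
)

# Constructed sample lines (not taken from a real device).
SAMPLE = """\
Jan  5 13:30:01 pix1 %PIX-6-302013: Built outbound TCP connection 4101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.10/51234 (203.0.113.5/51234)
Jan  5 13:30:02 pix1 %PIX-6-302015: Built outbound UDP connection 4102 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:10.1.1.22/40000 (203.0.113.5/40000)
Jan  5 13:30:06 pix1 %PIX-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/80 to inside:10.1.1.10/51234 duration 0:00:05 bytes 4321 TCP FINs
Jan  5 13:30:07 pix1 %PIX-5-111008: User 'enable_15' executed the 'show conn' command.
""".splitlines()

def parse_conn(line):
    """Return a dict for a connection build/teardown line, else None."""
    m = CONN_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["bytes"] = int(ev["bytes"]) if ev["bytes"] else None
    return ev

def filter_host(lines, ip):
    """Yield connection events where either endpoint is `ip`."""
    for line in lines:
        ev = parse_conn(line)
        if ev and ip in (ev["ip_a"], ev["ip_b"]):
            yield ev

def follow(path, poll=0.5):
    """Yield lines appended to `path` (like tail -f) for near-live viewing."""
    with open(path) as fh:
        fh.seek(0, 2)  # start at end of file
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll)

if __name__ == "__main__":
    for ev in filter_host(SAMPLE, "10.1.1.10"):
        print(ev["event"], ev["proto"], ev["ip_b"], "->", ev["ip_a"], ev["bytes"])
```

On a real syslog server, pass `follow("/path/to/firewall.log")` (path is a placeholder) to `filter_host` instead of `SAMPLE`.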

h.parsons Tue, 01/06/2009 - 08:42

What version of code are you running? The ASDM is useful unless you are wanting to see more than just syslog type of traffic.
