I've been able to find information on setting up a CAPTURE for incoming traffic. However, I am having a hard time setting up a CAPTURE for traffic heading out of my network to the Internet.
Can someone please assist in how I can set this up?
Thank you in advance.
You can do this if you configure the capture on your inside interface. The commands would look something like this:
! Create an ACL to limit the capture to SMTP traffic from your internal host
access-list capin-acl permit tcp host 172.16.x.x any eq 25
access-list capin-acl permit tcp any eq 25 host 172.16.x.x
! Configure the capture
capture capin access-list capin-acl interface inside packet-length 1518 buffer
This assumes the interface that your host sits on is named "inside". If not, just change "inside" to your interface name. The buffer is optional, but will let you capture more data than the default buffer will hold.
You can then look at the capture with the 'show capture capin' command or download it by browsing to https:///capture/capin/pcap.
Finally, here is the command reference for the 'capture' command:
Hope that helps.