I am trying to establish a capture and I want to exclude passive FTP traffic from the capture. The problem is that in passive FTP the control session is well defined and there is no problem excluding it from the capture. But the data session is allowed by the full state firewall traffic inspection, meaning that the pair of ports used for the data session is dynamically established during the control session connection. Is there a way to exclude the whole FTP traffic from the capture?
I am using for example the following access list in the capture:
access-list CAP-LIST extended deny tcp host 10.10.0.1 host 10.10.10.1 eq ftp
access-list CAP-LIST extended permit ip any any
capture mycap access-list CAP-LIST interface OUTSIDE
Thanks a lot for your help.
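As an added example that is not part of the original post: the Python code below shows where the passive data port comes from by decoding the server's 227 (PASV, RFC 959) and 229 (EPSV, RFC 2428) control replies, and prints a deny line for each announced port in the ACL syntax used above. The function names and the sample replies are constructed for illustration; the addresses are the ones from the post.

```python
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 EPSV reply: 229 ... (|||port|); the address is the control-session server
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def passive_endpoint(reply, server_ip):
    """Return (ip, port) of the data listener announced by a 227/229 reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet, ignore the reply
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return server_ip, int(m.group(1))
    return None


def deny_entries(replies, client_ip, server_ip, acl="CAP-LIST"):
    """Build one deny line per announced data port, in the syntax used in the post."""
    lines = []
    for reply in replies:
        ep = passive_endpoint(reply, server_ip)
        if ep:
            lines.append(f"access-list {acl} extended deny tcp "
                         f"host {client_ip} host {ep[0]} eq {ep[1]}")
    return lines


# Constructed sample replies from an FTP control session (not taken from the post)
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (10,10,10,1,195,80)",
    "229 Entering Extended Passive Mode (|||50001|)",
]

if __name__ == "__main__":
    for line in deny_entries(SAMPLE, "10.10.0.1", "10.10.10.1"):
        print(line)
```

Because each transfer gets a fresh port from a new 227/229 reply, the generated lines are only valid for the data connections of the control session they were decoded from.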