Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
4
Replies

fwsm 4.0.6 pcap

Go to solution
ippolito
Level 1
Level 1

‎09-09-2009 08:03 AM - edited ‎03-11-2019 09:13 AM

Trying to find the pcap file for a capture on an fwsm v4.0.6. I set up my capture like this:

access-list capacl permit ip 192.168.0.0 255.255.0.0 any

capture cap access-list capacl interface inside packet-length 1520 buffer 4000000

I can see my capture if I do a "show capture cap", but I'm trying to get at the pcap file.

I tried this, but it came back with a 404 error:

https://[fwsm_ip]/admin/capture/cap/pcap

I'd be grateful for any help.

Thanks

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to ippolito

‎09-09-2009 07:48 PM

glad to hear.

Yes, in the command ref. for copy capture:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c4.html#wp1881485

The following example shows how to copy a capture from within a context in multiple context mode. You must specify the context name:

hostname/Context1# capture abc access-list test interface inside

hostname/Context1# changeto system

hostname# copy capture:Context1/abc tftp:171.68.11.129/tftpboot/abc.cap

I will have the multiple context syntax added to the capture command reference

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c1.html#wp1880831

Example listed in the above link is only for single context.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎09-09-2009 11:49 AM

Is this multiple context?

If so you need this syntax:

https://ip_address/capture/context_name/capture_name/pcap

0 Helpful

Go to solution
ippolito
Level 1
Level 1
In response to Kureli Sankar

‎09-09-2009 12:23 PM

That worked. Thank you VERY much -- it has been a frustrating experience trying to find that in the documentation. In fact, is it documented anywhere on Cisco's site?

Thanks again,

Mike

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to ippolito

‎09-09-2009 07:48 PM

glad to hear.

Yes, in the command ref. for copy capture:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c4.html#wp1881485

The following example shows how to copy a capture from within a context in multiple context mode. You must specify the context name:

hostname/Context1# capture abc access-list test interface inside

hostname/Context1# changeto system

hostname# copy capture:Context1/abc tftp:171.68.11.129/tftpboot/abc.cap

I will have the multiple context syntax added to the capture command reference

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c1.html#wp1880831

Example listed in the above link is only for single context.

0 Helpful

Go to solution
ippolito
Level 1
Level 1
In response to Kureli Sankar

‎09-10-2009 05:27 AM

Thank you, you've been very helpful!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card