I'm just installing ACS 5.1 for the first time and came across the tech dumptcp 'feature'.
This command seems to be almost completely useless for capturing packets at the ACS 5.1 OS!
It's not possible to specify a filter or capture the packets to disk. The only options that exist are the ability to specify the number of packets that are dumped to the console which rather limits its usefulness, especially if you're SSHed in to ACS 5.1 in the first place.
tech dumptcp 0 count ?
<1-10000> Package count
Reading the command reference at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1039556 made me laugh. The tech author has demonstrated the command whilst SSHed in and all they've captured to screen are, surprise surprise, the SSH packets from their console session.
So - 2 questions:
1) Does anyone know of an alternative way within the ACS 5.1 host operating system to capture network packets whilst SSHed in?
2) Has anyone out there already raised a request with Cisco to enhance the tech dumptcp 'feature' by adding the ability to filter packets and capture to disk?
Thanks very much.