How to capture traffic between two IPs

Sep 8th, 2010

I am using an asa5500.  I am trying to capture traffic between two inside IPs.

I want traffic between a web server and a database server.  Both IPs are known.  The target port is also known (sql server port).  The source port is randomly generated.  How can I capture this traffic?  Or, all traffic between these two IPs?

The log filter doesn't appear to accept "any" in the source port or destination fields.

Richard Burts Wed, 09/08/2010 - 12:04

Dave

There are a couple of aspects of your question that I do not understand. Perhaps you can clarify:

- you talk about wanting to capture traffic between 2 inside IPs. Does traffic between the 2 IPs go through the ASA?

- you talk about wanting to capture traffic so I assume that you will be using the Capture facility of the ASA. Then you mention the log filter not accepting "any". What log filter and how does that relate to capturing traffic?

In general there is a pretty easy answer to your basic question. If the destination port is known then include the destination port in the access list statement. If the source port is randomly generated (and therefore not predictable) then do not include the source port. So you might have an access list statement that looks something like this: permit udp host host eq

By not specifying the source port you are inherently permitting any source port.

HTH

Rick
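
The access-list approach from the reply above, written out for the ASA capture facility as an added example that is not part of the original posts. The addresses (192.0.2.10 for the web server, 192.0.2.20 for the database server), the interface name `inside`, the names `CAP_WEB_DB` and `WEBDB`, and TCP 1433 as the SQL Server port are all assumptions; the capture records only packets that actually cross the named ASA interface.

```cisco
! Added example: constructed addresses and names, adjust to your network.
! Assumed: web server 192.0.2.10, database server 192.0.2.20, SQL Server on TCP 1433.

! Web -> DB: destination port is fixed, source port is left out,
! so any (random) client source port matches.
access-list CAP_WEB_DB extended permit tcp host 192.0.2.10 host 192.0.2.20 eq 1433

! DB -> Web: replies come FROM port 1433, so the port goes on the source side
! and the destination port is left out.
access-list CAP_WEB_DB extended permit tcp host 192.0.2.20 eq 1433 host 192.0.2.10

! Alternative for "all traffic between these two IPs": replace the two lines
! above with protocol "ip" and no port in each direction.
! access-list CAP_WEB_DB extended permit ip host 192.0.2.10 host 192.0.2.20
! access-list CAP_WEB_DB extended permit ip host 192.0.2.20 host 192.0.2.10

! Attach the ACL to a capture on the interface the traffic crosses.
capture WEBDB access-list CAP_WEB_DB interface inside

! Check whether anything matched, then inspect the packets.
show capture
show capture WEBDB
show capture WEBDB detail

! Stop capturing and free the buffer when done; remove the ACL as well.
no capture WEBDB
clear configure access-list CAP_WEB_DB
```

If `show capture` stays at 0 packets while the application is in use, the two hosts are talking without crossing that ASA interface.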

davealessi Thu, 09/09/2010 - 02:27

I am working on a network issue and need to capture traffic between two internal addresses. This traffic doesn’t go through the router, but I thought it could monitor the traffic on the subnet.

I am trying to use the cisco asdm packet tracer. When I try and set the packet parameters (source port, dest port), it errors out. The field is required, and it will not accept any. Permitting any port is what I would like to do.

Richard Burts Thu, 09/09/2010 - 04:05

Dave

If the source device and the destination device are connected in the same subnet then they communicate directly. The router/ASA may see the traffic go by on the network interface but it will not monitor that traffic and packet tracer will not be able to tell you anything about that traffic. For that kind of situation you would probably be better off to put a PC with Wireshark or some other packet capture software and monitor the traffic that way.

It has been a while since I used Packet Tracer and I do not remember the setup very clearly. I am quite surprised that it requires specification of a specific source and specific destination port. I would expect some way to set it up so that it recognizes random source ports.

HTH

Rick
