How to capture traffic to and from an IP address using ASDM

Answered Question
Oct 15th, 2013

I need to capture all the traffic between our client's ASA 5505 and their PBX. I would like to set up a packet capture using the wizard in the ASDM if possible, but it seems like I can only capture the traffic going one direction. Is it possible to capture all traffic to and from the PBX? If so, how?

johnlloyd_13 Tue, 10/15/2013 - 08:37

I'm unaware that the ASA5505 has such a capability. Your best bet is to perform SPAN if there's any switch in between.

Edit: I've just recalled there's a 'capture' feature on ASA.

https://supportforums.cisco.com/docs/DOC-17345


todd.townsend Wed, 10/16/2013 - 07:09

I'm looking for steps on how to set up a packet capture on the ASA5505 that will capture all traffic on the internal interface to and from a particular IP address.  I have a strong preference for using the capture wizard in ASDM, but command line would be better than nothing.


I have not been able to find the answer to my question in the documentation provided.

Correct Answer
Mark Jensen Wed, 10/16/2013 - 13:55

From this article set up a capture.

Document ID: 71871

ASA Capture Feature

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.

ciscoasa#show capture inside_interface
   1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request

!--- The user IP address is 192.168.1.50.

Note: In order to download the capture file to a system such as Ethereal, you can do it as this output shows.


!--- Open an Internet Explorer and browse with this https link format:

https://[/]/capture//pcap
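
An added example, not part of the original thread or the Cisco document: the access list quoted above matches only packets sent to 192.168.1.1, so capturing both directions for one host needs an entry per direction. This Python sketch builds those ASA commands and checks pasted show capture output for packets in both directions; the PBX address 192.168.1.20, the names cap_pbx and pbx_cap, and the sample output lines are constructed assumptions.

```python
import re

# Constructed values: the PBX address and the ACL/capture names are assumptions.
PBX = "192.168.1.20"

def capture_commands(host, acl="cap_pbx", cap="pbx_cap", ifc="inside"):
    """ASA commands for a capture that matches both directions of host's traffic."""
    return [
        f"access-list {acl} permit ip host {host} any",  # packets sent by the host
        f"access-list {acl} permit ip any host {host}",  # packets sent to the host
        f"capture {cap} access-list {acl} interface {ifc}",
    ]

# Matches "N: HH:MM:SS.usec SRC[.port] > DST[.port]:" as in the show capture output above.
IPV4 = r"(\d+(?:\.\d+){3})(?:\.\d+)?"
LINE = re.compile(rf"^\s*\d+:\s+[\d:.]+\s+{IPV4}\s+>\s+{IPV4}:")

def direction_counts(show_capture_text, host):
    """Count captured packets sent by host and sent to host."""
    counts = {"from_host": 0, "to_host": 0}
    for line in show_capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not packet records
        src, dst = m.groups()
        counts["from_host"] += int(src == host)
        counts["to_host"] += int(dst == host)
    return counts

def is_bidirectional(show_capture_text, host):
    """True only when the capture holds packets in both directions for host."""
    c = direction_counts(show_capture_text, host)
    return c["from_host"] > 0 and c["to_host"] > 0

# Constructed sample output: a one-way capture, then the same capture with replies.
ONE_WAY = (
    "   1: 13:04:06.284897 192.168.1.50 > 192.168.1.20: icmp: echo request\n"
    "   2: 13:04:07.284897 192.168.1.50.5060 > 192.168.1.20.5060:  udp 412\n"
)
TWO_WAY = ONE_WAY + (
    "   3: 13:04:07.285100 192.168.1.20.5060 > 192.168.1.50.5060:  udp 380\n"
)

if __name__ == "__main__":
    print("\n".join(capture_commands(PBX)))
    for name, text in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        print(name, direction_counts(text, PBX), is_bidirectional(text, PBX))
```
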
