
How to capture traffic to and from an IP address using ASDM

todd.townsend
Level 1

I need to capture all the traffic between our client's ASA 5505 and their PBX.  I would like to set up a packet capture using the wizard in the ASDM if possible, but it seems like I can only capture the traffic going one direction.  Is it possible to capture all traffic to and from the PBX?  If so, how?

Accepted Solutions

From this article set up a capture.

Document ID: 71871

ASA Capture Feature

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.

ciscoasa#show capture inside_interface
   1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request

!--- The user IP address is 192.168.1.50.

Note: In order to download the capture file to a system such as ethereal, you can do it as this output shows.


!--- Open an Internet Explorer and browse with this https link format:

https://[/]/capture//pcap


4 Replies

johnlloyd_13
Level 9

I'm unaware that the ASA5505 has such a capability. Your best bet is to perform SPAN if there's any switch in between.

Edit: I've just recalled there's a 'capture' feature on ASA.

https://supportforums.cisco.com/docs/DOC-17345


Hi,

The ASA 5505 has a built-in switch that supports SPAN: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html

Regards

Alain

Don't forget to rate helpful posts.

todd.townsend
Level 1

I'm looking for steps on how to set up a packet capture on the ASA5505 that will capture all traffic on the internal interface to and from a particular IP address.  I have a strong preference for using the capture wizard in ASDM, but command line would be better than nothing.

I have not been able to find the answer to my question in the documentation provided.
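
As an added example (not part of the thread or of Cisco Document ID 71871), the access-list and capture commands quoted in the accepted solution can be extended to cover both directions for a single host. The PBX address 192.168.1.20 and the names pbx_cap and pbx_capture are assumptions made for illustration.

```cisco
! Added example. Assumed values: PBX at 192.168.1.20 (constructed address),
! ACL name pbx_cap and capture name pbx_capture (hypothetical names).
!
! A capture access-list is matched against each packet as seen on the
! interface, so a single "any -> host" entry records only one direction.
! One entry per direction covers the whole conversation.
ciscoasa(config)#access-list pbx_cap extended permit ip host 192.168.1.20 any
ciscoasa(config)#access-list pbx_cap extended permit ip any host 192.168.1.20
!
! Bind the ACL to a capture on the inside interface. The buffer size is
! raised from the default and circular-buffer keeps the newest packets
! once the buffer fills.
ciscoasa(config)#capture pbx_capture access-list pbx_cap interface inside buffer 2000000 circular-buffer
!
! Check the result. Packets should appear with 192.168.1.20 on both the
! left and the right of the ">" sign.
ciscoasa#show capture pbx_capture
!
! Empty the buffer between test calls without removing the capture.
ciscoasa#clear capture pbx_capture
!
! When finished, remove the capture and its ACL so the ASA stops copying
! packets and no PBX traffic is left in the capture buffer.
ciscoasa#no capture pbx_capture
ciscoasa(config)#clear configure access-list pbx_cap
```

The capture buffer holds packet contents from the PBX conversation, so treat any downloaded pcap file as sensitive and delete the capture once troubleshooting is done.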
