Use the "capture" command (this is also in 6.3, debug packet has been deprecated for a while now".
This is a much more powerful command, allowing you to capture on both input and output interfaces simultaneously, then even save the packet capture off in pcap format so you can look at it with Sniffer/Ethereal. Very cool command.
Sample scenario:
Problem:
User on the Inside with an IP of 192.168.1.8 is having a problem accessing
Cisco.com (198.133.219.25). The user is getting NATed to 1.1.1.8
Step 1: Create ACL for both Inside and Outside Interface specifying the pre-NAT'd source and destination traffic in both directions
Access-list out permit tcp host 1.1.1.8 host 198.133.219.25 eq 80
Access-list out permit tcp host 198.133.219.25 eq 80 host 1.1.1.8
Access-list in permit tcp host 192.168.1.8 host 198.133.219.25 eq 80
Access-list in permit tcp host 198.133.219.25 eq 80 host 192.168.1.8
Step 2: Create captures on both Inside and Outside Interface
capture out-web access-list out buffer 700000 interface outside packet-length 1518
capture in-web access-list in buffer 700000 interface inside packet-length 1518
Step 3: Have Inside user access www.cisco.com
Step 4: Copy the captures off to a TFTP server
copy capture:out-web tftp://10.1.1.10 pcap
copy capture:in-web tftp://10.1.1.10 pcap
OR copy using https:
http server enable
http 0.0.0.0 0.0.0.0 outside
https:///capture/out-web/pcap
You can research it further here:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1910869