gfullage Tue, 12/13/2005 - 20:49
User Badges:
  • Cisco Employee,

Use the "capture" command (this is also in 6.3, debug packet has been deprecated for a while now).


This is a much more powerful command, allowing you to capture on both input and output interfaces simultaneously, then even save the packet capture off in pcap format so you can look at it with Sniffer/Ethereal. Very cool command.


Sample scenario:


Problem:

User on the Inside with an IP of 192.168.1.8 is having a problem accessing Cisco.com (198.133.219.25). The user is getting NATed to 1.1.1.8.



Step 1: Create ACL for both Inside and Outside Interface specifying the pre-NAT'd source and destination traffic in both directions


access-list out permit tcp host 1.1.1.8 host 198.133.219.25 eq 80

access-list out permit tcp host 198.133.219.25 eq 80 host 1.1.1.8

access-list in permit tcp host 192.168.1.8 host 198.133.219.25 eq 80

access-list in permit tcp host 198.133.219.25 eq 80 host 192.168.1.8


Step 2: Create captures on both Inside and Outside Interface


capture out-web access-list out buffer 700000 interface outside packet-length 1518

capture in-web access-list in buffer 700000 interface inside packet-length 1518



Step 3: Have Inside user access www.cisco.com



Step 4: Copy the captures off to a TFTP server

copy capture:out-web tftp://10.1.1.10 pcap

copy capture:in-web tftp://10.1.1.10 pcap



OR copy using https:


http server enable

http 0.0.0.0 0.0.0.0 outside

https:///capture/out-web/pcap


You can research it further here:


http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1910869
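
Once both pcap files are off the firewall, the comparison this procedure sets up (the same flow seen on the inside and on the outside interface) can be scripted. The following is an added example, not part of the original post or of Cisco's tooling; it shows which packets appear on only one side after the NAT rewrite is undone. It assumes classic pcap files with Ethernet framing and matches packets on the IP ID field rather than on TCP sequence numbers, since the firewall can rewrite the latter; the function names and the sample frames are constructed for illustration.

```python
import socket, struct

NAT = {"192.168.1.8": "1.1.1.8"}  # inside address -> translated address (the post's scenario)

def parse_pcap(data):
    """Return (src, dst, sport, dport, ip_id, tcp_flags) per IPv4/TCP frame of a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    packets, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # TCP header truncated by the capture length
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", tcp[:4])
        packets.append((src, dst, sport, dport, struct.unpack("!H", frame[18:20])[0], tcp[13]))
    return packets

def diff_captures(inside, outside, nat=NAT):
    """Compare both captures after rewriting inside addresses to their translated form."""
    norm = {(nat.get(p[0], p[0]), nat.get(p[1], p[1])) + p[2:] for p in parse_pcap(inside)}
    seen_out = set(parse_pcap(outside))
    return {"inside_only": sorted(norm - seen_out), "outside_only": sorted(seen_out - norm)}

def build_pcap(packets):
    """Constructed test input: minimal Ethernet/IPv4/TCP frames wrapped in a pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1518, 1)
    for src, dst, sport, dport, ip_id, flags in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SYN, SYNACK = 0x02, 0x12
# Constructed scenario: the SYN crosses the firewall; the SYN-ACK reaches the outside
# interface but never shows up on the inside interface.
INSIDE = build_pcap([("192.168.1.8", "198.133.219.25", 1025, 80, 100, SYN)])
OUTSIDE = build_pcap([("1.1.1.8", "198.133.219.25", 1025, 80, 100, SYN),
                      ("198.133.219.25", "1.1.1.8", 80, 1025, 7000, SYNACK)])

if __name__ == "__main__":
    print(diff_captures(INSIDE, OUTSIDE))
```

An entry under outside_only whose destination is the translated address is a reply that reached the firewall but was not forwarded to the inside host; an entry under inside_only is a packet that was seen on the inside interface and never left.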

