Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4728
Views
15
Helpful
3
Replies

ASA capture files not being read by Wireshark

Go to solution
Kevin Melton
Level 2
Level 2

‎08-20-2009 10:30 AM - edited ‎03-11-2019 09:08 AM

I took some capture files this morning on our ASA appliance. I actually view the packets being captured with the real time command. Once I had what I needed, I ended the capture. I then FTP the trace files to my workstation, opened Wireshark to then point to the files. I keep getting this message when I try to open the files::The file "C:\FTProot\lori_ip" isn't a capture file in a format Wireshark understands. I have tried using both a .pcap and a .cap extension. I am still getting the same error message.

Wireshark is opening other files just fine.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
robertson.michael
Level 3
Level 3
In response to Kevin Melton

‎08-21-2009 10:00 AM

Hi Kevin,

Using the capture command, the syntax would look like this:

copy /pcap capture:[context/]

Here is a link to the command reference also:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2123161

Hope that helps.

-Mike

View solution in original post

3 Replies 3

Go to solution
Kevin Redmon
Cisco Employee
Cisco Employee

‎08-20-2009 01:39 PM

When transferring the capture files, you must be sure to leverage the '/pcap' parameter to copy the file as a valid *.pcap file. You probably downloaded the file as the textual version. You may still be able to glean some information from the file if you open it within a text viewer.

You can also download the files leveraging the following URL:

https:///capture//pcap

Here's a helpful link for the packet capture feature:

http://www.nortfm.com/?View=entry&EntryID=1

Go to solution
Kevin Melton
Level 2
Level 2
In response to Kevin Redmon

‎08-20-2009 01:53 PM

I am still having difficulty "leveraging" with the "/pcap" parameter. Where exactly in the copy command does it belong. I have tried it everywher and the ASA is just not liking it...

0 Helpful

Go to solution
robertson.michael
Level 3
Level 3
In response to Kevin Melton

‎08-21-2009 10:00 AM

Hi Kevin,

Using the capture command, the syntax would look like this:

copy /pcap capture:[context/]

Here is a link to the command reference also:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2123161

Hope that helps.

-Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card