I took some capture files this morning on our ASA appliance. I actually view the packets being captured with the real time command. Once I had what I needed, I ended the capture. I then FTP the trace files to my workstation, opened Wireshark to then point to the files. I keep getting this message when I try to open the files::The file "C:\FTProot\lori_ip" isn't a capture file in a format Wireshark understands. I have tried using both a .pcap and a .cap extension. I am still getting the same error message.
When transferring the capture files, you must be sure to leverage the '/pcap' parameter to copy the file as a valid *.pcap file. You probably downloaded the file as the textual version. You may still be able to glean some information from the file if you open it within a text viewer.
You can also download the files leveraging the following URL:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...