11-05-2014 07:22 AM - edited 03-11-2019 10:01 PM
Hello,
I am new to the ASA world, so if there is a better way to do the following I would appreciate any suggestions. I need to capture what type of traffic is leaving our network on a daily basis; this should include source and destination ports. I will be capturing traffic for a week's time in order to better our rules. I have gone into Tools and Preferences and under the Packet Capture Wizard I put in Wireshark. In setting up the capture, I did the following: for the ingress interface I selected the inside interface and chose to specify packet parameters. For the source host/network and destination host/network I am leaving them both at all zeros to capture everything. The same goes for the egress interface settings, where I chose the outside interface. I am leaving the protocol defaulted to IP. From there I'm changing the buffer to be the max size and then starting the capture. Once it's been running for a little bit I save that capture, clear the buffer, and then repeat this process. This doesn't seem to be very efficient and I'm hoping there's a better way? ASDM version 6.6(1), ASA version 8.6(1)2, device type ASA5525.
Thanks,
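One way to turn the saved Wireshark captures into the per-port breakdown the question asks for, as an added example that is not part of the original thread: a dependency-free Python script that walks a classic libpcap file and tallies (protocol, destination port) pairs. The capture bytes are constructed inline (assumption) rather than taken from the poster's ASA, and only Ethernet/IPv4 frames are handled.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic (microsecond timestamps)

def ipv4_frame(proto, sport, dport, payload=b""):
    """Build one Ethernet/IPv4 frame carrying a TCP (6) or UDP (17) segment."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 9]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4  # MACs, EtherType, IPv4, L4

def build_sample_pcap():
    """Constructed capture (assumption, not the poster's data): 2x HTTPS, 1x DNS."""
    frames = [ipv4_frame(6, 51000, 443), ipv4_frame(6, 51001, 443),
              ipv4_frame(17, 52000, 53, b"\x00" * 12)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1415000000 + i, 0, len(f), len(f)) + f
    return out

def summarize_pcap(data):
    """Tally (protocol, destination port) across every IPv4 packet in a pcap."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    tally, pos = Counter(), 24
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pkt = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # skip truncated or non-IPv4 frames
        ip = pkt[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        if proto in (6, 17) and len(ip) >= ihl + 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
            tally[("tcp" if proto == 6 else "udp", dport)] += 1
        else:
            tally[("ip-proto-%d" % proto, None)] += 1
    return tally

if __name__ == "__main__":
    for (proto, port), n in summarize_pcap(build_sample_pcap()).most_common():
        print(f"{proto:<5} dst port {port}: {n} packet(s)")
```

Run it against a real file with `summarize_pcap(open("capture.pcap", "rb").read())`; the most_common() listing is the part that feeds directly into rule tuning.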
11-06-2014 12:38 AM
Hi,
I think a much easier way of doing this would be to use some monitoring tools like NetFlow, SNMP, etc.
There is also some freeware available for these tools. If you want, you can also check the Threat Detection statistics graph on the ASDM.
https://supportforums.cisco.com/document/30471/netflow-asa
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html
EDIT: Also, applying captures with IP ANY ANY might have some performance impact.
Thanks and Regards,
Vibhor Amrodia
11-12-2014 08:53 AM
Thank you very much.