ASDM Packet Capture

dcanady55
Level 1

Hello,

I am new to the ASA world, so if there is a better way to do the following I would appreciate any suggestions. I need to capture what type of traffic is leaving our network on a daily basis; this should include source and destination ports. I will be capturing traffic for a week's time in order to better our rules. I have gone into Tools and Preferences and under the Packet Capture Wizard I put in Wireshark. In setting up the capture, I did the following: for the ingress interface I selected the inside interface and I chose to specify packet parameters. For the source host/network and destination host/network I am leaving them both at all zeros to capture everything. Same goes for the egress interface settings, and I chose the outside interface. I am leaving the protocol defaulted to IP. From there I'm changing the buffer to be the max size and then starting the capture. Once it's running for a little bit I save that capture and clear the buffer and then repeat this process. This doesn't seem to be very efficient and I'm hoping there's a better way? ASDM version 6.6(1) and ASA Version 8.6(1)2; device type is ASA5525.

Thanks,

2 Replies

Vibhor Amrodia
Cisco Employee

Hi,

I think a much easier way of doing this would be to use some monitoring tools like NetFlow, SNMP, etc.

There is also some freeware available for these tools. If you want, you can also check the Threat Detection statistics graph in ASDM.

https://supportforums.cisco.com/document/30471/netflow-asa

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

EDIT: Also, applying captures with IP ANY ANY might have some performance impact.

Thanks and Regards,

Vibhor Amrodia
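
An added example, not part of the original reply or of the linked Cisco documents: a minimal NetFlow (NSEL) export configuration for an ASA, which reports connection events with source and destination addresses and ports to a collector instead of filling a capture buffer. The collector address 192.0.2.50, UDP port 2055 and the interface name `inside` are placeholder assumptions.

```text
! Send NetFlow (NSEL) records to a collector reachable via the inside interface.
! 192.0.2.50 and UDP 2055 are placeholders for your collector.
flow-export destination inside 192.0.2.50 2055
!
! Resend templates every minute so a restarted collector can decode records.
flow-export template timeout-rate 1
!
! Hold flow-create events for 60 seconds; flows that end sooner are reported
! once at teardown, which cuts export volume for short-lived connections.
flow-export delay flow-create 60
!
! Export all flow events (create, deny, teardown) for all traffic
! by attaching the action to class-default in the global policy.
policy-map global_policy
 class class-default
  flow-export event-type all destination 192.0.2.50
!
! Confirm that records are leaving the ASA.
show flow-export counters
```

Any NetFlow v9 collector that understands the ASA's NSEL fields can then report outbound traffic by destination port over the week.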

Thank you very much.
