Cisco Support Community

New Member

ASDM Packet Capture

Hello,

 

I am new to the ASA world, so if there is a better way to do the following I would appreciate any suggestions. I need to capture what type of traffic is leaving our network on a daily basis; this should include source and destination ports. I will be capturing traffic for a week's time in order to better our rules. I have gone into Tools and Preferences, and under the Packet Capture Wizard I put in Wireshark. In setting up the capture, I did the following: for the ingress interface I selected the inside interface and I chose to specify packet parameters. For the source host/network and destination host/network I am leaving them both at all zeros to capture everything. The same goes for the egress interface settings, and I chose the outside interface. I am leaving the protocol defaulted to IP. From there I'm changing the buffer to be the max size and then starting the capture. Once it's running for a little bit I save that capture, clear the buffer, and then repeat this process. This doesn't seem to be very efficient and I'm hoping there's a better way? ASDM version 6.6(1) and ASA Version 8.6(1)2; device type is ASA5525.

Thanks,
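For captures already saved from the wizard as the question describes, the following added example (not part of the original thread and not a Cisco tool) reduces a saved file to packet counts per source, destination, protocol and destination port, which is the view needed when reviewing outbound rules. It assumes the saved file is classic pcap with untagged Ethernet framing and IPv4; the names `flows` and `sample_pcap` are made up here, the sample bytes are constructed, and leaving the source port out of the key is a choice of this example.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PROTO = {6: "tcp", 17: "udp"}
# Classic pcap magics (microsecond and nanosecond), mapped to struct byte order
ENDIAN = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def flows(pcap: bytes) -> Counter:
    """Count packets per (src, dst, proto, dst_port); source ports are ignored."""
    end = ENDIAN.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Only untagged Ethernet II carrying IPv4; ARP, IPv6, 802.1Q are skipped
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        frag_off = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if proto not in PROTO or ihl < 20 or frag_off or len(ip) < ihl + 4:
            continue  # not TCP/UDP, bad header, later fragment, or truncated
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        key = (str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20])), PROTO[proto], dport)
        counts[key] += 1
    return counts

def sample_pcap() -> bytes:
    """Constructed sample capture: three frames between documentation addresses."""
    def rec(src, dst, proto, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        pkt = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (hdr + rec("192.0.2.10", "198.51.100.5", 6, 50000, 443)
                + rec("192.0.2.10", "198.51.100.5", 6, 50001, 443)
                + rec("192.0.2.11", "203.0.113.53", 17, 53000, 53))

if __name__ == "__main__":
    for (src, dst, proto, dport), n in flows(sample_pcap()).most_common():
        print(f"{n:6d}  {src} -> {dst} {proto}/{dport}")
```

To cover several saved files, add the `Counter` objects returned for each file together before printing.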

2 REPLIES
Cisco Employee

Hi,

I think a much easier way of doing this would be to use some monitoring tools like NetFlow, SNMP, etc.

There is also some freeware available for these tools. If you want, you can also check the Threat Detection statistics graph on the ASDM.

https://supportforums.cisco.com/document/30471/netflow-asa

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

EDIT: Also, applying captures with IP ANY ANY might have some performance impact.

Thanks and Regards,

Vibhor Amrodia

New Member

Thank you very much.
