Re: Capture Question

rod.blackie · ‎02-03-2009

Gents,

I have an intersting problem, my company is having timeout problems when accessing a particular web site - this site can be accessed through a standard ADSL conneciton. We have a PIX 515 OS 8.x at the front of our corporate network.

My question is this:

How can I capture the return http packet information on the outside interface, bearing in mind that the connection has already been established via the ACL on the inside interface.

I need to try and establish if the original syn packet has recieved an syn-ack reply.

Thanks

Rod

celiocarreto · ‎02-03-2009

Hi,

if you know the destination ip, then create an adequate ACL and capture on outside interface.

For example: webserver - 1.1.1.1

access-list test permit ip any host 1.1.1.1

access-list test permit ip host 1.1.1.1 any

capture test access-list test interface outside [trace detail]

Regards, Celio

rod.blackie · ‎02-03-2009

Hi Celio,

I have got the information I require by carrying out the sh conn command, however the site I am havinf problems with is showing a saA flag - I understand that this flag indicates that the PIX is awaiting a response, does this mean that there could be an conflict with the web server IP address and one of the pix security features????

thanks

rod