Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Debug command

Any manual of how to use debug command specific to a packet or IP address. Since it take lot of memory if I run that randomly.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Debug command

We dont need to apply this access-list on any interface. It is completely independent of existing access-lists on device. The sole pupose of these ACLs is to match the traffic we need to capture by using them in the capture command.

3 REPLIES
Silver

Re: Debug command

Debug command was the old way of capturing the packets. This command has been deprecated in 7.x versions. There is a better way available to capture the packets. For that we can use the "capture" command. Here is an example-

suppose there is a host a.a.a.a on the inside interface of PIX/ASA and I need to capture all the outbound packets from this host. For this, I can apply captures using folloaing commands-

-> access-list capi permit ip host a.a.a.a any

-> capture cpi access-list capi buffer 1000000 packet-length 1518 interface inside

Using access-list gives me more strength and granularity to capture only the packets I need. Later I use that access-list in the capture command. To download the capture files, I need to point my browser to-

https://interface_ip/capture/cpi/pcap

(assuming PDM/ASDM is installed)

You can also use "copy" command to transfer the capture file to a tftp server.

Link for capture command-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1950270

Link for copy command-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1970556

Hope this is helpful.

Regards,

Vibhor.

New Member

Re: Debug command

Hi ,

Thanks for your response. Do we need to apply accesslist exclusively to an interface. Do the above access-list capi is independent of exisiting access-list.

Regards,

siva

Silver

Re: Debug command

We dont need to apply this access-list on any interface. It is completely independent of existing access-lists on device. The sole pupose of these ACLs is to match the traffic we need to capture by using them in the capture command.

306
Views
8
Helpful
3
Replies
CreatePlease to create content