Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM 3.1(4) capture only showing traffic inbound to an interface

I'm having problems capturing traffic leaving an interface on a FWSM. It only shows the traffic inbound to the interface. Has anyone found a way to get this working?

3 REPLIES

Re: FWSM 3.1(4) capture only showing traffic inbound to an inter

can you post the SPAN /monitor config.

Re: FWSM 3.1(4) capture only showing traffic inbound to an inter

:))

Could you post your capture configuration?

New Member

Re: FWSM 3.1(4) capture only showing traffic inbound to an inter

Sure. thanks! I know I could use the same ACL, but I'm using two for testing..disregard the reset. I just telnet'd to port 3389. It's the initial ack from 10.50.1.66 etc that's not showing on the JTC-BB interface. The initial SYN is not showing on the ESX-ILO interface etc. Also icmp echo requests will show leaving an interface, just not tcp.

access-list in extended permit ip host 10.50.1.66 any

access-list in extended permit ip any host 10.50.1.66

access-list out extended permit ip host 10.50.1.66 any

access-list out extended permit ip any host 10.50.1.66

capture inside type raw-data access-list in interface JTC-BB

capture outside type raw-data access-list out interface ESX-ILO

FWSM-6003/bastion# sh cap inside

3 packets captured

1: 18:34:23.2310907230 802.1Q vlan#229 P0 10.130.34.226.2645 > 10.50.1.66.3389: S 1500397783:1500397783(0) win 65535

2: 18:34:23.2310907260 802.1Q vlan#229 P0 10.130.34.226.2645 > 10.50.1.66.3389: . ack 4212524028 win 65535

3: 18:34:26.2310909840 802.1Q vlan#229 P0 10.130.34.226.2645 > 10.50.1.66.3389: P 1500397784:1500397786(2) ack 4212524028 win 65535

FWSM-6003/bastion# sh cap outside

2 packets captured

1: 18:34:23.2310907230 802.1Q vlan#234 P0 10.50.1.66.3389 > 10.130.34.226.2645: S 4212524027:4212524027(0) ack 2671557974 win 16384

2: 18:34:26.2310909840 802.1Q vlan#234 P0 10.50.1.66.3389 > 10.130.34.226.2645: R 4212524028:4212524028(0) ack 2671557976 win 0

123
Views
0
Helpful
3
Replies