Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

fwsm 4.0.6 pcap

Trying to find the pcap file for a capture on an fwsm v4.0.6. I set up my capture like this:

access-list capacl permit ip 192.168.0.0 255.255.0.0 any

capture cap access-list capacl interface inside packet-length 1520 buffer 4000000

I can see my capture if I do a "show capture cap", but I'm trying to get at the pcap file.

I tried this, but it came back with a 404 error:

https://[fwsm_ip]/admin/capture/cap/pcap

I'd be grateful for any help.

Thanks

Mike

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: fwsm 4.0.6 pcap

glad to hear.

Yes, in the command ref. for copy capture:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c4.html#wp1881485

The following example shows how to copy a capture from within a context in multiple context mode. You must specify the context name:

hostname/Context1# capture abc access-list test interface inside

hostname/Context1# changeto system

hostname# copy capture:Context1/abc tftp:171.68.11.129/tftpboot/abc.cap

I will have the multiple context syntax added to the capture command reference

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c1.html#wp1880831

Example listed in the above link is only for single context.

4 REPLIES
Cisco Employee

Re: fwsm 4.0.6 pcap

Is this multiple context?

If so you need this syntax:

https://ip_address/capture/context_name/capture_name/pcap

Community Member

Re: fwsm 4.0.6 pcap

That worked. Thank you VERY much -- it has been a frustrating experience trying to find that in the documentation. In fact, is it documented anywhere on Cisco's site?

Thanks again,

Mike

Cisco Employee

Re: fwsm 4.0.6 pcap

glad to hear.

Yes, in the command ref. for copy capture:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c4.html#wp1881485

The following example shows how to copy a capture from within a context in multiple context mode. You must specify the context name:

hostname/Context1# capture abc access-list test interface inside

hostname/Context1# changeto system

hostname# copy capture:Context1/abc tftp:171.68.11.129/tftpboot/abc.cap

I will have the multiple context syntax added to the capture command reference

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/c1.html#wp1880831

Example listed in the above link is only for single context.

Community Member

Re: fwsm 4.0.6 pcap

Thank you, you've been very helpful!

365
Views
0
Helpful
4
Replies
CreatePlease to create content