Good command to see dropped traffic?

agent2007
Level 1

Hi,

Can anyone offer any advice on the best way of seeing traffic that gets dropped on an interface? For example, if you run tcpdump on an interface for a host, you can see all traffic that hits the interface. What's the best way to achieve this with an interface on a PIX/ASA?

thanks


6 Replies

Farrukh Haroon
VIP Alumni

You can use the capture command like this:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml#s3

I think it also supports the asp-drop keyword for drops only.

Regards

Farrukh

Yeah, I am familiar with the capture command. So I guess to debug packets being dropped by the outside interface you need some details about the destination/source address, apply an ACL to the interface and capture packets for that ACL? This would be considered the best way to get this info? My only concern about that is it could be a potential security risk. If you put an ACL on the outside interface to allow 1.2.3.4 in to an internal host for IP just so you can capture the packets, you are punching a hole in your firewall, and you wouldn't want to forget to take it off after troubleshooting. Correct?

No, this is not correct; it does not open a hole on the interface. Your capture ACLs and interface ACLs are separate.

The ACL is just used to match what has to be captured.

Regards

Farrukh

OK, so you create the capture ACL but don't apply it to an interface. Then you just run capture on the interface and specify the capture ACL you have created, which is not applied on any interface?

Yup, please have a look at the links, both have examples with outputs.

Regards

Farrukh
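The procedure the thread converges on (Farrukh's first reply: the capture command with an ACL, plus the asp-drop keyword for drops only; and his later clarification that the capture ACL is never applied to the interface), written out as an ASA CLI session. This is an added example, not part of the original thread or Cisco's documentation. The host 1.2.3.4 comes from the question; the inside host 10.1.1.10, the ACL and capture names, and the buffer size are assumptions. The asp-drop capture type needs PIX/ASA 7.0 or later; the access-list form of capture also works on older PIX 6.x code.

```text
! Added example, not from the original thread. 1.2.3.4 is the external host
! named in the question; 10.1.1.10 is an assumed inside host.

! 1. A capture ACL. It is never bound to an interface with access-group,
!    so it permits nothing. It only selects which packets the capture records.
access-list CAP-MATCH extended permit ip host 1.2.3.4 host 10.1.1.10
access-list CAP-MATCH extended permit ip host 10.1.1.10 host 1.2.3.4

! 2. Capture matching packets on the outside interface. Ingress captures are
!    taken before the interface ACL and inspection act on the packet, so a
!    packet that shows up here and never appears on the inside interface was
!    dropped by the firewall, exactly the tcpdump-style view the question asks for.
capture CAPOUT interface outside access-list CAP-MATCH buffer 1000000

! 3. Capture only packets the accelerated security path dropped, with the
!    drop reason attached (this is the asp-drop keyword from the first reply).
capture CAPDROP type asp-drop all

! 4. Look at the results. The asp-drop capture lists a Drop-reason per packet;
!    show asp drop gives the running counters per drop reason.
show capture CAPOUT
show capture CAPDROP
show asp drop

! 5. Tear the captures down when finished. Nothing on the interface ACL was
!    changed, so there is nothing to "forget to take off".
no capture CAPOUT
no capture CAPDROP
```

The ordering of steps 2 and 3 is what answers the security concern raised in the thread: the only objects created are the capture ACL and the two captures, and removing the captures leaves the firewall policy exactly as it was.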
