Method to periodically transfer packet captures from ASA?
Investigating an intermittent issue we have with one of our systems, I have set up a packet capture to look at the traffic going through the firewall. The problem is, because we have no way of knowing when the issue is going to occur, the buffer can fill up before the relevant traffic is captured. Likewise, if I use "circular-buffer" to overwrite the buffer from the beginning when full, I have still ended up missing the traffic I'm interested in because it's been overwritten by the time I go to look at it!
So, does anyone have a method whereby I could regularly copy off the packet captures to a TFTP server whenever the capture is full? (or at least on a regular basis so I can hopefully have as much of the traffic as possible captured and available to look back at?)
It can sometimes be weeks before the problem we are looking into becomes apparent so I don't want to have to manually transfer the packet captures each time.
Yeah, that's what I've ended up doing - just scripting a job to run daily and log in to the ASA to run the commands to dump the file to my TFTP server. Was hoping there might be a "cleaner" and simpler way to do it via the ASA itself but alas, it seems that's not the case.
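
A scheduled job of the kind described in the reply above, as an added example (not the poster's script, and not Cisco code). It goes one step further than a plain copy: it checks that the file arrived on the TFTP server as a libpcap file before clearing the capture buffer. Assumptions: it runs on the TFTP server itself, the SSH account uses key authentication and lands in privileged EXEC mode, the ASA accepts CLI lines on standard input, and the host, address, path and capture names are placeholders.

```python
"""Scheduled export of an ASA capture buffer, run on the TFTP server itself."""
import re
import subprocess
from datetime import datetime, timezone
from pathlib import Path

# Assumed values for illustration only; none of them come from the thread.
ASA = "capture-export@asa.example.net"  # account assumed to land in privileged EXEC
TFTP_SERVER = "192.0.2.10"              # this host, as the ASA reaches it
TFTP_ROOT = Path("/srv/tftp")           # directory the TFTP daemon writes into
CAPTURE = "CAP_INSIDE"                  # name of the running capture

SAFE = re.compile(r"[A-Za-z0-9_.-]+")
PCAP_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4")  # libpcap, either byte order

def export_commands(capture, server, now):
    """Return (file name, CLI lines) that copy one capture buffer to TFTP."""
    for value in (capture, server):
        if not SAFE.fullmatch(value):
            raise ValueError(f"refusing to put {value!r} on the CLI")
    name = f"{capture}-{now:%Y%m%dT%H%M%SZ}.pcap"  # timestamp avoids overwrites
    copy = f"copy /noconfirm /pcap capture:{capture} tftp://{server}/{name}"
    return name, [copy, "exit"]

def looks_like_pcap(path):
    """True if the file exists and starts with a libpcap magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in PCAP_MAGIC
    except OSError:
        return False

def run_on_asa(lines):
    """Feed CLI lines to the ASA over SSH; the file check below is the success test."""
    subprocess.run(["ssh", "-T", ASA], input="\n".join(lines) + "\n",
                   text=True, timeout=300)

def main():
    name, lines = export_commands(CAPTURE, TFTP_SERVER, datetime.now(timezone.utc))
    run_on_asa(lines)
    if not looks_like_pcap(TFTP_ROOT / name):
        raise SystemExit(f"{name} did not arrive intact; capture buffer left alone")
    run_on_asa([f"clear capture {CAPTURE}", "exit"])  # reset only after a good copy

if __name__ == "__main__":
    main()
```

Run it from cron or a systemd timer at an interval shorter than the time the buffer takes to fill.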