Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
2
Replies

Trace traffic On 515 firewall

tundeomogbai
Level 1
Level 1

‎03-02-2007 07:56 AM - edited ‎03-11-2019 02:40 AM

I would need help on how i can trace and capture traffic on the above firewall.

i need to prove to my IS guys that the firewall has no problems.

Labels:
0 Helpful
2 Replies 2

hoogen_82
Level 4
Level 4

‎03-02-2007 08:11 AM

What kind of traffic are you trying trace..What is the problem that you are facing?

ICMP packet trace can be enabled by issuing a debug icmp trace command, to stop it enter no debug icmp trace.

Cheers

Hoogen

0 Helpful

suschoud
Cisco Employee
Cisco Employee
In response to hoogen_82

‎03-02-2007 10:59 AM

Following is the method to take captures on PIX:

Issue with communication between a client on inside interface and a server on outside interface.

Replace IP addresses appropriately-

access-list cpo permit ip host host

access-list cpo permit ip host host

capture capo access-list cpo buffer 2000000 packet-length 1518 interface outside

access-list cpi permit ip host host

access-list cpi permit ip host host

capture capi access-list cpi buffer 2000000 packet-length 1518 interface inside

SRC_IP : This is the original IP address of client from where request is being

generated

XSRC_IP : This is the translated IP address of the inside client. IP address to

which inside client is translated when going outbound.

DST_IP : This is the Destination IP address.

Alternatively, captures on both interfaces can be taken in a single capture file.

access-list cap permit ip host host

access-list cap permit ip host host

access-list cap permit ip host host

access-list cap permit ip host host

capture capio access-list cap buffer 2000000 packet-length 1518 interface outside interface inside

To download the captures:

using a maching with PDM access-

https://interface_IP/capture/capo/pcap

--> save file as outside.cap

(Captures on outside interface)

https://interface_IP/capture/capi/pcap

--> save file as inside.cap

(Captures on inside interface)

https://interface_IP/capture/capio/pcap

--> save file as inout.cap

(Captures on inside and outside interface)

If PDM is not available, captures can be sent to a TFTP server using following commands-

copy capture:capo tftp://x.x.x.x/outside.cap pcap

(Captures on outside interface of PIX, capture file will be saved as "outside.cap")

copy capture:capi tftp://x.x.x.x/inside.cap pcap

(Captures on outside interface of PIX, capture file will be saved as "inside.cap")

copy capture:capio tftp://x.x.x.x/inout.cap pcap

(Captures on inside and outside interface of PIX, capture file will be saved as "inout.cap")

x.x.x.x : IP address of TFTP server.

------

do not forget to rate this. :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card