Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to capture traffic to and from an IP address using ASDM

I need to capture all the traffic between our client's ASA 5505 and their PBX.  I would like to set up a packet capture using the wizard in the ASDM if possible, but it seems like I can only capture the traffic going one direction.  Is it possible to capture all traffice to and from the PBX?  If so, how?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: How to capture traffic to and from an IP address using ASDM

From this article set up a capture.

Document ID: 71871

ASA Capture Feature

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.

ciscoasa#show capture inside_interface
   1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request

!--- The user IP address is 192.168.1.50.

Note: In order to download the capture file to a system such as ethereal, you can do it as this output shows.


!--- Open an Internet Explorer and browse with this https link format:

https://[/]/capture//pcap
4 REPLIES

Re: How to capture traffic to and from an IP address using ASDM

I'm unaware that ASA5505 have such capability. Your best bet is to perform SPAN if there's any switch in between.

Edit: I've just recalled there's a 'capture' feature on ASA.

https://supportforums.cisco.com/docs/DOC-17345

Sent from Cisco Technical Support iPhone App

Purple

How to capture traffic to and from an IP address using ASDM

Hi,

The ASA 5505 has a built-in switch that suports SPAN:http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Community Member

Re: How to capture traffic to and from an IP address using ASDM

I'm looking for steps on how to set up a packet capture on the ASA5505 that will capture all traffic on the internal interface to and from a particular IP address.  I have a strong preference for using the capture wizard in ASDM, but command line would be better than nothing.

I have not been able to find the answer to my question in the documentation provided.

Community Member

Re: How to capture traffic to and from an IP address using ASDM

From this article set up a capture.

Document ID: 71871

ASA Capture Feature

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.

ciscoasa#show capture inside_interface
   1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request

!--- The user IP address is 192.168.1.50.

Note: In order to download the capture file to a system such as ethereal, you can do it as this output shows.


!--- Open an Internet Explorer and browse with this https link format:

https://[/]/capture//pcap
696
Views
6
Helpful
4
Replies
CreatePlease to create content