Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

packet capture on server in dmz

Hi all

is it correct that when I do a packet capture on my webserver in the dmz, I never see the true public destinationip address, I only ever see the destination as the interface of my dmz when the traffic is going back to the web, why is this ?

New Member

Re: packet capture on server in dmz

You can do a packet capture with the following commands


create an extended access-list matching the traffic src/dst or type of traffic.

access-list ex CAPTURE permit tcp host host

under global config


than do a show capture to view the output

Hope this helps

New Member

Re: packet capture on server in dmz

hi there

when traffic from outside the firewall comes into my dmz gets natted, Am I right in saying that the source address from outside does not change, for some reason when I do a packet capture on the dmz net server, i always see the source as the dmz interface and the destination the server, in which case when the traffic goes back to the destination, how does it know where to go?? I would expect the source to be kept intact, or would it get changed to the firewall interface, how does it know where to send it back to?? would this be in the state table ?

New Member

Re: packet capture on server in dmz

Could you post the capture output that you doing?

But yes if the traffic is getting Nat'd from outside to DMZ the source should be the Nat'd ip address. Ip depends on the set up.

CreatePlease to create content