debug packet on ASA

rmv72 · ‎09-25-2006

Which analog PIX's command -

debug packet src/dst x.x.x.x netmask y.y.y.y

on ASA device?

paulkbeyer · ‎09-26-2006

debug packet is no longer current on the 7x software - you want to use the capture feature.

e.g.

Create an access list with traffic you're interested in

access-list cap_traffic extended permit ip host 192.168.1.2 any

continue adding to this ACL depending on how much traffic you're interested in..

access-list cap_traffic extended permit tcp any host 192.168.1.2 eq www

capture access-list interface

To view active capture sessions:

sh cap

To view the details of a capture session

sh cap

Use the no form to end capture sessions then clean up your ACL's..

There are many variations to the capture command:

access-list Capture packets that match access-list

buffer Configure size of capture buffer, default is 512 KB

circular-buffer Overwrite buffer from beginning when full, default is

non-circular

ethernet-type Capture Ethernet packets of a particular type, default is IP

interface Capture packets on a specific interface

packet-length Configure maximum length to save from each packet, default

is 68 bytes

trace Trace the captured packets

type Capture packets based on a particular type

Hope this helps

Paul.

jwalker · ‎09-26-2006

If you would like to view the capture in Ethereal, follow the following method...

1. Navigate to https:///capture//pcap

2. Download the capture

3. Open with Ethereal