Solved: Replacement for "debug packet <int> src | dst .... in Pix ver7.x?

m.surtees · ‎07-13-2006

I loved the debug packet cmd in ver 6.3 and used it *every* time there was an issue or a question of whether it was the FW's 'fault' - generally wasn't and I could show traffic hitting the pix on one side, leaving it on another with required NATing or not and often thereby prove by lack of return traffic that the issue was downstream.

Ver 7.x does not have this debug packet cmd ... what can I use in it's place. So far ASA is looking like a backwards step, but only for this reason.

Thanks for any help,

Mike

andrew.burns · ‎07-13-2006

Hi,

See the capture command in the docs - and as of 7.2 see also the packet-tracer command - should give you all the tools you need.

HTH

Andrew.

View solution in original post

grant.maynard · ‎07-13-2006

Cisco have dropped the debug packet command for PIX from v7, however instead you can use the capture command to set up packet sniffing on the PIX itself. It is best used with an ACL to specify traffic. The basic syntax is:

capture access-list interface

show capture

View solution in original post

andrew.burns · ‎07-13-2006

Hi,

See the capture command in the docs - and as of 7.2 see also the packet-tracer command - should give you all the tools you need.

HTH

Andrew.

m.surtees · ‎07-18-2006

thanks also for the info

Regards,

Mike

grant.maynard · ‎07-13-2006

Cisco have dropped the debug packet command for PIX from v7, however instead you can use the capture command to set up packet sniffing on the PIX itself. It is best used with an ACL to specify traffic. The basic syntax is:

capture access-list interface

show capture

m.surtees · ‎07-18-2006

thanks for the info .... I shall go forth and capture (doesn't sound as cool as debug)

Regards,

Mike