how to trace a particluar ip which is hitting the pix nating ip quite frequently,how to use the log in formation,with date,
The best way to trace a particular IP is throught the use of the capture statement... First, you define an ACL to look for the specific traffic you are interested in. Then, you assign your ACL to a cap and applyt he capture to the interface you want. Here is an example:
access-list cap extended permit ip host 188.8.131.52 host 184.108.40.206
capture cap access-list cap interface outside
Thanks for the reply.
my nat ip is 41.x.x.x assigned to the internal 172.x.x.x.now i need to capture the 172.x.x.x series traffic.now give the config for the acl and config of the interface.what's the command to see the output
Here you go...
access-list cap1 extended permit ip any host 220.127.116.11(router's public IP)
access-list cap1 extended permit ip host 18.104.22.168 any
access-list cap2 extended permit ip any host 172.16.1.1 (router's internal IP)
access-list cap2 extended permit ip host 172.16.1.1 any
capture cap1 access-list cap1 interface outside
capture cap2 access-list cap2 interface inside
To see captures..
show capture cap1
show capture cap2
********* PLEASE RATE***************
Then either your traffic is not getting through the firewall.... Or you didn't make the access list correctly. Or you didn't apply the access list to the inside with the capture command.
Check those 3 things.
thanks ,i am able to capture on both.i need to capture the complete traffic both inside &outside interfaces and store in to an ftp directory,how to do it??
now its getting only 958 packets,if i need to capture for a day continous.how to go about that????
You can download the captures in a format viewable with Ethereal. Here is how you do it..
1. Open Internet Explorer
2. Browse to https://
3. Save file
4. Open using Ethereal.
You can capture as much as you want..
As always.. Please rate!!