This completes the packet capture procedure.Ĭomplete these steps in order to configure the packet capture feature on the ASA with the CLI:
Click Save captures in order to save the capture information.
Click Start in order to start the packet capture, as shown here:.This window shows the Access-lists that must be configured on the ASA so that the desired packets are captured, and it shows the type of packets to be captured (IP packets are captured in this example).In this example, circular buffer is not used, so the check box is not checked. As the buffer reaches its maximum size, older data is discarded and the capture continues. Also, remember to check the Use circular buffer check box if you want to use the circular buffer option. Enter the appropriate Packet Size and the Buffer Size in the respective space provided, as this data is required in order for the capture to take place.If Network Address Translation (NAT) is performed on the Firewall, take this into consideration as well. Select outside for the Egress Interface and provide the source and the destination IP addresses, along with their subnet mask, in the respective spaces provided.Also, choose the packet type to be captured by the ASA (IP is the packet type chosen here), as shown: Select inside for the Ingress Interface and provide the source and the destination IP addresses of the packets to be captured, along with their subnet mask, in the respective space provided. In the new window, provide the parameters that are used in order to capture the INGRESS traffic.Navigate to Wizards > Packet Capture Wizard in order to start the packet capture configuration, as shown:.
Note: This example configuration is used in order to capture the packets that are transmitted during a ping from User1 (inside network) to Router1 (outside network).Ĭomplete these steps in order to configure the packet capture feature on the ASA with the ASDM: They are RFC 1918 addresses that are used in a lab environment. Note: The IP addressing schemes that are used in this configuration are not legally routable on the Internet. Note: Use the Command Lookup Tool ( registered customers only) in order to obtain more information on the commands used in this section. This section provides information that you can use in order to configure the packet capture features that are described in this document. In addition, you can create multiple captures in order to analyze different types of traffic on multiple interfaces. The packet capture process is useful when you troubleshoot connectivity problems or monitor suspicious activity. This configuration can also be used with these Cisco products: If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment.
This document is not restricted to specific hardware or software versions. This document assumes that the ASA is fully operational and is configured in order to allow the Cisco ASDM or the CLI to make configuration changes.
This document describes how to configure the Cisco Adaptive Security Appliance (ASA) Next-Generation Firewall in order to capture the desired packets with either the Cisco Adaptive Security Device Manager (ASDM) or the CLI.