ASA/PIX Packet Capture

There is an excellent packet capture capability built in to the ASA/PIX software. In order to capture traffic perform the following:

1) Create an ACL to identify the traffic you want to capture:

access-list ACL_CAPTURE permit tcp any any eq smtp

2) Create the capture statement:

capture MYCAP access-list ACL_CAPTURE interface inside

If you want to see the entire packet you would need to add the “packet-length 1522”

capture MYCAP access-list ACL_CAPTURE packet-length 1522 interface inside

You can then do a “show capture MYCAP” to see the traffic.

If you want to download the capture to a sniffer (wireshark), you have to do that while the capture is running you do that from a browser with the URL https:///capture//pcap

NOTE: This assumes that the interface on your ASA is named “inside”

Leave a Reply

Your email address will not be published. Required fields are marked *