Packet Capture with Cisco PIX / ASA

March 11, 2008

One of the guys I work with learned a cool trick and decided to pass it on to me. From a Cisco ASA / PIX firewall you can create a pcap file from the command line for use in Wireshark or just to debug from the console.

First we need to create an access list.

access-list testpcap permit tcp any any

Next we start the capture.

capture testpcapname access-list testpcap interface outside

Now that the capture is started, you can view your capture with

show capture testpcapname

or you can download the current pcap file from the SDM with

http://ipoffirewall/testpcapname/pcap

To stop the capture, issue

no capture testpcapname

and don’t forget to delete your access list unless you want to use it later. This example was very basic, but you could get pretty granular with the access list rules to only pick up the data that you absolutely need to troubleshoot an issue, or just for fun.
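As an added example (not from the original post), here is what a more granular capture could look like, limited to one HTTPS flow with a bounded buffer and truncated packets. It assumes ASA / PIX 7.x or later syntax; the addresses are documentation addresses and the names testpcap-web and testpcap-web-cap are made up for illustration.

```cisco
! Constructed example: 198.51.100.20 (outside client) and 192.0.2.10 (web server)
! are documentation addresses; testpcap-web / testpcap-web-cap are made-up names.
!
! The capture ACL is matched per packet and is not stateful, so list both
! directions of the flow or the return traffic will be missing from the pcap.
access-list testpcap-web extended permit tcp host 198.51.100.20 host 192.0.2.10 eq 443
access-list testpcap-web extended permit tcp host 192.0.2.10 eq 443 host 198.51.100.20
!
! Bound the capture: 1 MB buffer, and keep only the first 128 bytes of each
! packet so headers are recorded but most of the payload is not.
capture testpcap-web-cap access-list testpcap-web interface outside buffer 1048576 packet-length 128
!
! Check what has been captured so far.
show capture testpcap-web-cap
!
! Clean up: remove the capture first, then the ACL it referenced.
no capture testpcap-web-cap
clear configure access-list testpcap-web
```

Truncating with packet-length keeps less application data on the firewall and in any downloaded pcap, which matters when the capture runs on production traffic.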
