One of the guys I work with learned a cool trick and decided to pass it on to me. From a Cisco ASA / PIX firewall you can create a pcap file from the command line for use in Wireshark or just to debug from the console.
First we need to create an access list.
access-list testpcap permit tcp any any
Next we start the capture.
capture testpcapname access-list testpcap interface outside
Now that the capture is started you can view your capture with
show capture testpcapname
or you can download the current pcap file from the SDM with
To stop the capture issue
no capture testpcapname
and don’t forget to delete your access list unless you want to use it later. This example was very basic but you could get pretty granular with the access list rules to only pickup the data that you absolutely need to troubleshoot an issue or just for fun.