imported>DrOwl No edit summary |
imported>DrOwl mNo edit summary |
||
Line 11: | Line 11: | ||
=== Start a Capture === |
=== Start a Capture === |
||
# capture [name] interface [interface name] match [protical (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [Dest host (x.x.x.x/any)] |
\# capture [name] interface [interface name] match [protical (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [Dest host (x.x.x.x/any)] |
||
=== Stop the capture but keep the data === |
=== Stop the capture but keep the data === |
||
# no capture [name] interface [interface name] |
\# no capture [name] interface [interface name] |
||
=== List Caputres === |
=== List Caputres === |
||
# show capture [name] |
\# show capture [name] |
||
=== Delete the capture === |
=== Delete the capture === |
||
# no capture [name] |
\# no capture [name] |
||
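Review bot: the "\#" prefix added to the four command lines in this hunk is not a MediaWiki escape, so the backslash is rendered literally (the revision text shows "\# capture ..."). Start each command line with a leading space, or wrap it in &lt;pre&gt; or &lt;nowiki&gt;, so the "#" prompt is displayed without being parsed as a numbered-list item. While these lines are being touched, "protical" should be "protocol" and the heading "List Caputres" should be "List Captures".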
Line 43: | Line 43: | ||
== packet tracer |
== packet tracer == |
||
# packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] (detailed) |
# packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] (detailed) |
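Review bot: the packet-tracer command line still starts with a bare "#" on both sides of this hunk, so it is parsed as a list item instead of being shown as a prompt, unlike the capture commands changed in the previous hunk; give it the same preformatted treatment. In the same line, "[desk port]" should read "[dest port]" and "protical" should be "protocol".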
Revision as of 16:09, 1 July 2014
Some notes on working with Cisco ASAs
Commands on an ASA 8.3 and above
Capture packets (like Linux tcpdump / Solaris snoop)
Start a Capture
# capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [dest host (x.x.x.x/any)]
Stop the capture but keep the data
# no capture [name] interface [interface name]
List Captures
# show capture [name]
Delete the capture
# no capture [name]
Example
# capture SH interface extern match ip host 10.10.10.10 any
# show capt
capture SH type raw-data [Capturing - 14486 bytes]
  match ip host 10.10.10.10 any
# show capture SH
71 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238
...
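When a capture runs to dozens of packets, it is easier to read as per-flow totals than line by line. The following Python sketch is an added example, not part of the original notes: it parses packet lines in the UDP format shown in the output above and counts packets and the length printed after "udp" for each direction. The sample text is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the `show capture` output above.
SAMPLE = """\
71 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53:  udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216:  udp 238
   3: 16:47:20.101212 10.10.10.7.51000 > 10.10.10.10.53:  udp 40
"""

# seq: timestamp src > dst: remainder
LINE = re.compile(
    r"^\s*(\d+):\s+(\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+>\s+(\S+):\s+(.*)$")
UDP_LEN = re.compile(r"^udp (\d+)$")


def split_endpoint(ep):
    """'10.10.10.3.64216' -> ('10.10.10.3', 64216); no port -> (ip, None)."""
    parts = ep.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return ep, None


def parse_capture(text):
    """Yield one dict per packet line; header and '...' lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        seq, ts, src, dst, info = m.groups()
        (sip, sport), (dip, dport) = split_endpoint(src), split_endpoint(dst)
        udp = UDP_LEN.match(info.strip())
        yield {"seq": int(seq), "time": ts, "src": sip, "sport": sport,
               "dst": dip, "dport": dport, "info": info.strip(),
               "udp_len": int(udp.group(1)) if udp else None}


def flows(packets):
    """Count packets and sum the printed UDP length per directional flow."""
    table = defaultdict(lambda: {"packets": 0, "udp_bytes": 0})
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        table[key]["packets"] += 1
        table[key]["udp_bytes"] += p["udp_len"] or 0
    return dict(table)


if __name__ == "__main__":
    for key, stats in flows(parse_capture(SAMPLE)).items():
        print(key, stats)
```

Lines that are not UDP still yield a record with `udp_len` set to `None`, so they are counted as packets but add nothing to the byte total.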
packet tracer
# packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] (detailed)
Example
# packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed