imported>DrOwl (Created page with " = Some notes on working with Cisco ASA's = = Commands on an asa 8.3 and above = == Capture packets (like linux tcpdump/ Solaris snoop) == === Start a Capture === # cap...") |
imported>DrOwl No edit summary |
Line 25:
=== Example ===
# capture SH interface extern match ip host 10.10.10.10 any
# show capt
capture SH type raw-data [Capturing - 14486 bytes]
match ip host 10.10.10.10 any
# show capture SH
71 packets captured▼
1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42 ▼
2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238 ▼
...▼
▲71 packets captured
▲ 1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42
▲ 2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238
▲...
Line 43 ⟶ 45:
== packet tracer ===
# packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] (detailed)
=== Example ===
# packet-tracer input
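Review bot: the new heading `== packet tracer ===` opens with two equals signs and closes with three, so the rendered title ends in a stray `=`; balance it as `== packet tracer ==`. In the syntax line directly under it, `protical` should read `protocol` and `desk port` should read `dest port`, since readers will copy these placeholders when building a command.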
Revision as of 16:07, 1 July 2014
Some notes on working with Cisco ASAs
Commands on an ASA 8.3 and above
Capture packets (like Linux tcpdump / Solaris snoop)
Start a Capture
- capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [dest host (x.x.x.x/any)]
Stop the capture but keep the data
- no capture [name] interface [interface name]
List Captures
- show capture [name]
Delete the capture
- no capture [name]
Example
# capture SH interface extern match ip host 10.10.10.10 any
# show capt
capture SH type raw-data [Capturing - 14486 bytes]
  match ip host 10.10.10.10 any
# show capture SH
71 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238
...
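To review saved `show capture` output offline, this added example (not part of the original notes) parses the udp lines in the form shown above, groups them per client talking to the matched host, and lists any packet that does not involve that host. The function names are hypothetical and packets 3-4 of the sample are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: packets 1-2 are the ones shown above, 3-4 are invented.
SAMPLE = """\
71 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238
   3: 16:47:20.101200 10.10.10.7.51000 > 10.10.10.10.53: udp 40
   4: 16:47:20.103700 10.10.10.10.53 > 10.10.10.7.51000: udp 120
"""

# Only the udp line form shown on this page is recognised.
LINE = re.compile(r"^\s*(\d+):\s+(\d\d:\d\d:\d\d\.\d+)\s+([\d.]+)\.(\d+)\s+>\s+"
                  r"([\d.]+)\.(\d+):\s+udp\s+(\d+)\s*$")

def parse(text):
    """Yield (number, time, (src_ip, src_port), (dst_ip, dst_port), length)."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # header lines and "..." are skipped
            n, ts, src, sport, dst, dport, size = m.groups()
            yield (int(n), datetime.strptime(ts, "%H:%M:%S.%f"),
                   (src, int(sport)), (dst, int(dport)), int(size))

def summarize(text, host):
    """Group packets by client endpoint talking to `host`.

    Returns (flows, outside): flows maps (client, host_endpoint) to packet
    count, summed udp lengths and first request-to-reply delay in
    microseconds; outside lists packet numbers that do not involve `host`.
    """
    flows = defaultdict(lambda: {"packets": 0, "udp_bytes": 0, "first_reply_us": None})
    first_request, outside = {}, []
    for n, ts, src, dst, size in parse(text):
        if host not in (src[0], dst[0]):
            outside.append(n)
            continue
        to_host = dst[0] == host
        key = (src, dst) if to_host else (dst, src)
        flows[key]["packets"] += 1
        flows[key]["udp_bytes"] += size
        if to_host:
            first_request.setdefault(key, ts)
        elif key in first_request and flows[key]["first_reply_us"] is None:
            delta = ts - first_request[key]
            if delta < timedelta(0):  # capture crossed midnight
                delta += timedelta(days=1)
            flows[key]["first_reply_us"] = delta // timedelta(microseconds=1)
    return dict(flows), outside
```

A non-empty `outside` list means the pasted text holds packets the `match ip host 10.10.10.10 any` clause should not have captured, which usually points to output from a different capture being mixed in.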
packet tracer
- packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] (detailed)
Example
- packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed