imported>DrOwl (Created page with " = Some notes on working with Cisco ASA's = = Commands on an asa 8.3 and above = == Capture packets (like linux tcpdump/ Solaris snoop) == === Start a Capture === # cap...") |
imported>DrOwl No edit summary |
Revision as of 16:07, 1 July 2014
Some notes on working with Cisco ASAs
Commands on an ASA 8.3 and above
Capture packets (like Linux tcpdump / Solaris snoop)
Start a Capture
- capture [name] interface [interface name] match [protocol (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [dest host (x.x.x.x/any)]
Stop the capture but keep the data
- no capture [name] interface [interface name]
List Captures
- show capture [name]
Delete the capture
- no capture [name]
Example
# capture SH interface extern match ip host 10.10.10.10 any
# show capt
capture SH type raw-data [Capturing - 14486 bytes]
  match ip host 10.10.10.10 any
# show capture SH
71 packets captured
1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42
2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238
...
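To triage a longer capture offline, the packet lines printed by show capture can be parsed and grouped into conversations to find traffic that never got a reply. The Python below is an added example, not part of the original notes; it assumes the tcp/udp line layout shown in the output above, and the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# One packet line as printed by "show capture", e.g.
#   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42
# Assumption: only lines that carry ports (tcp/udp) are matched; banner
# lines, "..." and port-less lines such as icmp are skipped.
LINE = re.compile(
    r"^\s*(?P<n>\d+):\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s*(?P<info>.*)$"
)

def parse_capture(text):
    """Return one dict per packet line found in pasted show-capture output."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            p = m.groupdict()
            for field in ("n", "sport", "dport"):
                p[field] = int(p[field])
            packets.append(p)
    return packets

def one_way_flows(packets):
    """Return (src, sport, dst, dport) for conversations seen in one direction only."""
    seen = defaultdict(set)  # direction-independent key -> directions observed
    for p in packets:
        a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
        seen[tuple(sorted([a, b]))].add(a + b)
    return sorted(next(iter(d)) for d in seen.values() if len(d) == 1)

# Constructed sample in the layout shown above: the first query is
# answered, the second one (source port 64217) is sent twice with no reply.
SAMPLE = """\
4 packets captured
   1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53:  udp 42
   2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216:  udp 238
   3: 16:47:20.101200 10.10.10.3.64217 > 10.10.10.10.53:  udp 42
   4: 16:47:21.101300 10.10.10.3.64217 > 10.10.10.10.53:  udp 42
"""

if __name__ == "__main__":
    for src, sport, dst, dport in one_way_flows(parse_capture(SAMPLE)):
        print("no reply seen: %s:%d > %s:%d" % (src, sport, dst, dport))
```

A flow reported here was seen on the captured interface in one direction only, which makes it a natural candidate to feed into packet-tracer with the same addresses and ports.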
packet tracer
- packet-tracer input [interface name] [protocol (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [dest port] (detailed)
Example
- packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed