Revision as of 16:04, 1 July 2014 by imported>DrOwl (Created page with " = Some notes on working with Cisco ASA's = = Commands on an asa 8.3 and above = == Capture packets (like linux tcpdump/ Solaris snoop) == === Start a Capture === # cap...")
Some notes on working with Cisco ASA's
Commands on an asa 8.3 and above
Capture packets (like linux tcpdump/ Solaris snoop)
Start a Capture
- capture [name] interface [interface name] match [protical (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [Dest host (x.x.x.x/any)]
Stop the capture but keep the data
- no capture [name] interface [interface name]
List Caputres
- show capture [name]
Delete the capture
- no capture [name]
Example
- capture SH interface extern match ip host 10.10.10.10 any
- show capt
capture SH type raw-data [Capturing - 14486 bytes]
match ip host 10.10.10.10 any
- show capture SH
71 packets captured
1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42 2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238
...
packet tracer =
- packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] detailed
Example
- packet-tracer input extern tcp 5.159.230.98 40432 109.174.153.4 5060 detailed