1. Define Interesting traffic
ASA(config)# access-list cap-list permit tcp host 10.0.0.1 host 192.168.0.1 eq 80
ASA(config)# access-list cap-list permit tcp host 192.168.0.1 eq 80 host 10.0.0.1
2. Start the captures
ASA# capture in-cap interface inside access-list cap-list buffer 1000000 packet 1522
ASA# capture out-cap interface outside access-list cap-list buffer 1000000 packet 1522
Please note that if there is NATting/PATting taking place you might need to create two different access lists with different Ip addresses and/or ports to capture the NATted/PATted traffic.
ASA# capture in-cap interface inside match tcp host 10.0.0.1 host 192.168.0.1 eq 80
3. View captures
ASA# sh capture in-capor
show capture cap1 dump
or
show capture mycap trace packet-number 3
4. Remove captures
ASA# no capture in-cap
ASA# no capture out-cap
No comments:
Post a Comment