Friday, 5 February 2016

Packet capture via the command line with ASA 5510

For this kind of thing I typically much prefer the CLI with the ASA!

To start a new capture we can issue something like:

capture mycapture1 interface <interface> match <protocol> host <source-ip> host <destination-ip> eq <port> buffer 5242880

To view the capture we can copy it from the device to an FTP server:

copy /pcap capture:mycapture1 ftp://user:pass@123.123.123.123/mycapture1.pcap

or simply download it directly from the web interface:

https://192.168.1.1/admin/capture/mycapture1/pcap

and we have have the ability to view it in the terminal with:

show capture mycapture1

0 comments:

Post a comment