https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687712#M1024315 <HTML><HEAD></HEAD><BODY><P>What kind of traffic are you trying trace..What is the problem that you are facing?</P><P></P><P>ICMP packet trace can be enabled by issuing a debug icmp trace command, to stop it enter no debug icmp trace.</P><P></P><P>Cheers</P><P>Hoogen</P></BODY></HTML> Fri, 02 Mar 2007 16:11:23 GMT hoogen_82 2007-03-02T16:11:23Z https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687711#M1024314 <P>I would need help on how i can trace and capture traffic on the above firewall.</P><P>i need to prove to my IS guys that the firewall has no problems.</P> Mon, 11 Mar 2019 09:40:55 GMT https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687711#M1024314 tundeomogbai 2019-03-11T09:40:55Z https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687712#M1024315 <HTML><HEAD></HEAD><BODY><P>What kind of traffic are you trying trace..What is the problem that you are facing?</P><P></P><P>ICMP packet trace can be enabled by issuing a debug icmp trace command, to stop it enter no debug icmp trace.</P><P></P><P>Cheers</P><P>Hoogen</P></BODY></HTML> Fri, 02 Mar 2007 16:11:23 GMT https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687712#M1024315 hoogen_82 2007-03-02T16:11:23Z https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687713#M1024316 <HTML><HEAD></HEAD><BODY><P>Following is the method to take captures on PIX:</P><P> </P><P>Issue with communication between a client on inside interface and a server on outside interface.</P><P>Replace IP addresses appropriately-</P><P> </P><P>access-list cpo permit ip host <XSRC_IP> host <DST_IP></DST_IP></XSRC_IP></P><P>access-list cpo permit ip host <DST_IP> host <XSRC_IP></XSRC_IP></DST_IP></P><P></P><P>capture capo access-list cpo buffer 2000000 packet-length 1518 interface outside</P><P> </P><P>access-list cpi permit ip host <SRC_IP> host <DST_IP></DST_IP></SRC_IP></P><P>access-list cpi permit ip host <DST_IP> host <SRC_IP> </SRC_IP></DST_IP></P><P> </P><P>capture capi access-list cpi buffer 2000000 packet-length 1518 interface inside</P><P> </P><P>SRC_IP : This is the original IP address of client from where request is being</P><P> generated</P><P> </P><P>XSRC_IP : This is the translated IP address of the inside client. IP address to</P><P> which inside client is translated when going outbound.</P><P> </P><P>DST_IP : This is the Destination IP address.</P><P> </P><P>Alternatively, captures on both interfaces can be taken in a single capture file.</P><P> </P><P>access-list cap permit ip host <XSRC_IP> host <DST_IP></DST_IP></XSRC_IP></P><P>access-list cap permit ip host <DST_IP> host <XSRC_IP> </XSRC_IP></DST_IP></P><P>access-list cap permit ip host <SRC_IP> host <DST_IP></DST_IP></SRC_IP></P><P>access-list cap permit ip host <DST_IP> host <SRC_IP></SRC_IP></DST_IP></P><P></P><P>capture capio access-list cap buffer 2000000 packet-length 1518 interface outside interface inside</P><P> </P><P>To download the captures:</P><P> </P><P>using a maching with PDM access-</P><P> </P><P><A class="jive-link-custom" href="https://interface_IP/capture/capo/pcap" target="_blank">https://interface_IP/capture/capo/pcap</A></P><P>--&gt; save file as outside.cap</P><P>(Captures on outside interface)</P><P> </P><P><A class="jive-link-custom" href="https://interface_IP/capture/capi/pcap" target="_blank">https://interface_IP/capture/capi/pcap</A></P><P>--&gt; save file as inside.cap</P><P>(Captures on inside interface)</P><P> </P><P><A class="jive-link-custom" href="https://interface_IP/capture/capio/pcap" target="_blank">https://interface_IP/capture/capio/pcap</A></P><P>--&gt; save file as inout.cap</P><P>(Captures on inside and outside interface)</P><P> </P><P>If PDM is not available, captures can be sent to a TFTP server using following commands-</P><P> </P><P>copy capture:capo t<A class="jive-link-custom" href="ftp://x.x.x.x/outside.cap" target="_blank">ftp://x.x.x.x/outside.cap</A> pcap</P><P> </P><P>(Captures on outside interface of PIX, capture file will be saved as "outside.cap")</P><P> </P><P>copy capture:capi t<A class="jive-link-custom" href="ftp://x.x.x.x/inside.cap" target="_blank">ftp://x.x.x.x/inside.cap</A> pcap</P><P> </P><P>(Captures on outside interface of PIX, capture file will be saved as "inside.cap")</P><P> </P><P>copy capture:capio t<A class="jive-link-custom" href="ftp://x.x.x.x/inout.cap" target="_blank">ftp://x.x.x.x/inout.cap</A> pcap</P><P> </P><P>(Captures on inside and outside interface of PIX, capture file will be saved as "inout.cap")</P><P> </P><P>x.x.x.x : IP address of TFTP server.</P><P></P><P></P><P>------</P><P>do not forget to rate this. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Fri, 02 Mar 2007 18:59:05 GMT https://community.cisco.com/t5/network-security/trace-traffic-on-515-firewall/m-p/687713#M1024316 suschoud 2007-03-02T18:59:05Z