topic Re: Create ACL on ASA that matches on SYN flag for capture statement in Network Security

Create ACL on ASA that matches on SYN flag for capture statement

baskervi — Fri, 21 Feb 2020 15:37:59 GMT

I'm helping out a customer who is trying to make some firewall changes based on the results of a PCI audit. They have several "permit ip network1 network2" statements, and they need to restrict these to ports. I've been doing packet captures, but there is too much data through the interfaces. I'd like to match on SYN packets to decrease the amount of information I see. I've not been able to find any information on various forums that can help me out. Is this possible? Thanks

Re: Create ACL on ASA that matches on SYN flag for capture statement

Dennis Mink — Sat, 14 Apr 2018 03:57:28 GMT

why not get the whole capture and filter the capture using wireshark available filters?

Re: Create ACL on ASA that matches on SYN flag for capture statement

baskervi — Thu, 26 Apr 2018 14:41:27 GMT

Thanks for the response, Dennis. I'm getting about 5 hits on the access list over a 48 hour period, so very low level traffic. I'm remote, but they'll be able to spin up a machine to capture and filter the information on. Take care.