topic Re: FTD packet capture issue with the CLI when interface is inside in Network Security

FTD packet capture issue with the CLI when interface is inside

Difan_Zhao — Wed, 26 Jan 2022 16:29:24 GMT

I think the issue is also with the "outside" interface as well. It seems that it (the CLI) doesn't like the interface name to be the standard name. If I use another interface with a different name, it works fine. My system is 4110 with version 6.2.3.4

For example, this one works

> capture cap interface outside_b match udp host 10.253.0.22 host 10.8.60.44

But not this one. First of all, I can't specify "match" after the "inside" interface like I could with the above command.

> capture cap interface inside
  ethernet-type  Capture Ethernet packets of a particular type, default is IP
  headers-only   Capture only L2, L3 and L4 headers of packet without data in them
  packet-length  Configure maximum length to save from each packet, default is 1518 bytes
  trace          Trace the captured packets
  file-size      Configure size of capture file in MB (32 - 10000)

I need to add some other options before I can put in "match". That is fine. But it will give me this error when I hit enter.

> capture cap interface inside file-size 20 match udp host 10.253.0.22 host 10.8.60.44

capture cap interface inside file-size 20 match udp host 10.253.0.22 host 10.8.6                             ^0.44

ERROR: % Invalid input detected at '^' marker.

Any idea why this is the case?

Thanks!

Difan

Re: FTD packet capture issue with the CLI when interface is inside

Sheraz.Salim — Wed, 26 Jan 2022 19:15:47 GMT

@Difan_Zhao for your 4110 FTD appliance you managed this from FMC? If you manage this appliance from FMC you can capture the packet on FMC instead of CLI.

Side Note: have you tried to setup the capture from the CLISH? Command for this is sudo sfconsole

>expert

sudo su

sudo sfconsole

the above command will put you in FTD CLI.

you can setup the capture on FTD CLI.

Re: FTD packet capture issue with the CLI when interface is inside

Difan_Zhao — Wed, 26 Jan 2022 19:46:56 GMT

Hey thanks, Sheraz. Is this `sudo sfconsole` the same as the `system support diagnostic-cli`?

Re: FTD packet capture issue with the CLI when interface is inside

Sheraz.Salim — Wed, 26 Jan 2022 20:18:44 GMT

my bad thats correct. "sudo sfconsole" is introduce in 6.4 I guess but might be I am wrong. yes "system support diagnostic-cli" thats sound right.

Re: FTD packet capture issue with the CLI when interface is inside

Difan_Zhao — Wed, 26 Jan 2022 20:35:59 GMT

Thanks! it seems to work fine with doing pcap inside of the ASA console