<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic ASA 5510 debug packet equivalent in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/asa-5510-debug-packet-equivalent/m-p/435854#M428166</link>
    <description>&lt;P&gt;What's the equivalent PIX7.0 command for the PIX6.3 command 'debug packet'&lt;/P&gt;</description>
    <pubDate>Fri, 21 Feb 2020 08:35:31 GMT</pubDate>
    <dc:creator>Phil Williamson</dc:creator>
    <dc:date>2020-02-21T08:35:31Z</dc:date>
    <item>
      <title>ASA 5510 debug packet equivalent</title>
      <link>https://community.cisco.com/t5/network-security/asa-5510-debug-packet-equivalent/m-p/435854#M428166</link>
      <description>&lt;P&gt;What's the equivalent PIX7.0 command for the PIX6.3 command 'debug packet'&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 08:35:31 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-5510-debug-packet-equivalent/m-p/435854#M428166</guid>
      <dc:creator>Phil Williamson</dc:creator>
      <dc:date>2020-02-21T08:35:31Z</dc:date>
    </item>
    <item>
      <title>Re: ASA 5510 debug packet equivalent</title>
      <link>https://community.cisco.com/t5/network-security/asa-5510-debug-packet-equivalent/m-p/435855#M428167</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Use the "capture" command (this is also in 6.3, debug packet has been deprecated for a while now".&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This is a much more powerful command, allowing you to capture on both input and output interfaces simultaneously, then even save the packet capture off in pcap format so you can look at it with Sniffer/Ethereal.  Very cool command.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Sample scenario:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Problem:  &lt;/P&gt;&lt;P&gt;User on the Inside with an IP of 192.168.1.8 is having a problem accessing&lt;/P&gt;&lt;P&gt;Cisco.com (198.133.219.25).  The user is getting NATed to 1.1.1.8 &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 1:  Create ACL for both Inside and Outside Interface specifying the pre-NAT'd source and destination traffic in both directions&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Access-list out permit tcp host 1.1.1.8 host 198.133.219.25 eq 80&lt;/P&gt;&lt;P&gt;Access-list out permit tcp host 198.133.219.25 eq 80 host 1.1.1.8 &lt;/P&gt;&lt;P&gt;Access-list in permit tcp host 192.168.1.8 host 198.133.219.25 eq 80&lt;/P&gt;&lt;P&gt;Access-list in permit tcp host 198.133.219.25 eq 80 host 192.168.1.8 &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 2:  Create captures on both Inside and Outside Interface&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;capture out-web access-list out buffer 700000 interface outside packet-length 1518&lt;/P&gt;&lt;P&gt;capture in-web access-list in buffer 700000 interface inside packet-length 1518 &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 3:  Have Inside user access &lt;A class="jive-link-custom" href="http://www.cisco.com" target="_blank"&gt;www.cisco.com&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Step 4:  Copy the captures off to a TFTP server&lt;/P&gt;&lt;P&gt;copy capture:out-web t&lt;A class="jive-link-custom" href="ftp://10.1.1.10" target="_blank"&gt;ftp://10.1.1.10&lt;/A&gt; pcap&lt;/P&gt;&lt;P&gt;copy capture:in-web t&lt;A class="jive-link-custom" href="ftp://10.1.1.10" target="_blank"&gt;ftp://10.1.1.10&lt;/A&gt; pcap&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;OR copy using https:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;http server enable&lt;/P&gt;&lt;P&gt;http 0.0.0.0 0.0.0.0 outside&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="https://" target="_blank"&gt;https://&lt;/A&gt;&lt;PIX_IP&gt;/capture/out-web/pcap&lt;/PIX_IP&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;You can research it further here:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1910869" target="_blank"&gt;http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1910869&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 14 Dec 2005 04:49:58 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/asa-5510-debug-packet-equivalent/m-p/435855#M428167</guid>
      <dc:creator>gfullage</dc:creator>
      <dc:date>2005-12-14T04:49:58Z</dc:date>
    </item>
  </channel>
</rss>

