https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342054#M794878 <HTML><HEAD></HEAD><BODY><P>I am still having difficulty "leveraging" with the "/pcap" parameter. Where exactly in the copy command does it belong. I have tried it everywher and the ASA is just not liking it...</P></BODY></HTML> Thu, 20 Aug 2009 20:53:30 GMT Kevin Melton 2009-08-20T20:53:30Z https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342052#M794876 <P>I took some capture files this morning on our ASA appliance. I actually view the packets being captured with the real time command. Once I had what I needed, I ended the capture. I then FTP the trace files to my workstation, opened Wireshark to then point to the files. I keep getting this message when I try to open the files::The file "C:\FTProot\lori_ip" isn't a capture file in a format Wireshark understands. I have tried using both a .pcap and a .cap extension. I am still getting the same error message.</P><P>Wireshark is opening other files just fine.</P> Mon, 11 Mar 2019 16:08:06 GMT https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342052#M794876 Kevin Melton 2019-03-11T16:08:06Z https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342053#M794877 <HTML><HEAD></HEAD><BODY><P>When transferring the capture files, you must be sure to leverage the '/pcap' parameter to copy the file as a valid *.pcap file. You probably downloaded the file as the textual version. You may still be able to glean some information from the file if you open it within a text viewer.</P><P></P><P>You can also download the files leveraging the following URL:</P><P></P><P><A class="jive-link-custom" href="https://" target="_blank">https://</A><IP_ADDR>/capture/<CAPTURE_NAME>/pcap</CAPTURE_NAME></IP_ADDR></P><P></P><P>Here's a helpful link for the packet capture feature:</P><P></P><P><A class="jive-link-custom" href="http://www.nortfm.com/?View=entry&amp;EntryID=1" target="_blank">http://www.nortfm.com/?View=entry&amp;EntryID=1</A></P></BODY></HTML> Thu, 20 Aug 2009 20:39:02 GMT https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342053#M794877 Kevin Redmon 2009-08-20T20:39:02Z https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342054#M794878 <HTML><HEAD></HEAD><BODY><P>I am still having difficulty "leveraging" with the "/pcap" parameter. Where exactly in the copy command does it belong. I have tried it everywher and the ASA is just not liking it...</P></BODY></HTML> Thu, 20 Aug 2009 20:53:30 GMT https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342054#M794878 Kevin Melton 2009-08-20T20:53:30Z https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342055#M794879 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,</P><P></P><P>Using the capture command, the syntax would look like this:</P><P></P><P>copy /pcap capture:[context/]<CAPTURE_NAME> <DESTINATION></DESTINATION></CAPTURE_NAME></P><P></P><P>Here is a link to the command reference also:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2123161" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2123161</A></P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Fri, 21 Aug 2009 17:00:31 GMT https://community.cisco.com/t5/network-security/asa-capture-files-not-being-read-by-wireshark/m-p/1342055#M794879 robertson.michael 2009-08-21T17:00:31Z