The most important tool in troubleshooting ACE is the built in capture feature. This feature will enable user to capture live packets of the intended traffic in real time. The attributes of the packet are defined by an ACL. The ACE buffers the captured packets, and you can copy the buffered contents to a file in Flash memory on the ACE or to a remote server. To avoid taxing ACE resources, it is recommended to use an ACL specific to the intended traffic for the capture. This result of the capture can be displayed via CLI or can be exported to be analyzed using a packet capture utility such as Ethereal or Wireshark.
Packet Capture Details
The ACE captures packets subject to the following guidelines:
One capture session is used per context
Capture is triggered at flow setup
Capture is configured on the client interface where the flow is received
Note: Probe traffic will not hit a security ACL, so ACLs cannot control the capture of those packets. Therefore, probe traffic cannot be captured by the packet capture utility.
If possible, you should capture packets using the ACE packet capturing utility before and after symptoms appear. Save the packet captures to a file.
ACE-CAT/ADMIN(config)# access-list TEST ?
ethertype Configure access control for ethernet-traffic for the system
extended Configure access-control for IP traffic through the system
line Line-number at which this ACL entry should be entered
remark Specify remark/comment for the access-list
resequence Re-sequence access list
ACE-CAT/ADMIN(config)# access-list TEST extended permit tcp any 172.16.55.244 0.0.0.0
Start and Stop ACL
ACE-CAT/ADMIN# capture TEST ?
all Capture packets for all interfaces
interface Interface to listen
remove Remove the packet capture configuration
start Start packet capture
stop Stop packet capture
ACE-CAT/ADMIN# capture TEST all access-list TEST bufsize 500