Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
3
Replies

Packet capture on FWSM ASDM is empty

PacketSpartan
Level 1
Level 1

‎07-12-2017 01:54 AM - edited ‎03-12-2019 02:41 AM

We've been trying to run a packet capture on our FWSM via the ASDM and the capture is not capturing any packets via any of the interfaces. 

Have also tried this via the CLI and no luck, 

Can anyone help?

PDC-FWSM-01# sh version

FWSM Firewall Version 4.1(15)
Device Manager Version 6.2(3)F

Compiled on Thu 17-Oct-13 08:11 by fwsmbld

PDC-FWSM-01 up 2 years 337 days
failover cluster up 6 years 210 days

Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash SMART ATA FLASH DISK @ 0xc321, 20MB

0: Int: GigabitEthernet0 : address is 000b.5f0d.2c00, irq 5
1: Int: GigabitEthernet1 : address is 000b.5f0d.2c00, irq 7
2: Int: EOBC0 : address is 0000.1400.0000, irq 11
The Running Activation Key is not set, using default settings:

CCNA R&S
Labels:
0 Helpful
3 Replies 3

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎07-12-2017 02:03 AM

1. Are you sure the traffic is coming into FWSM ?
2. Can you please share the commands you are using from CLI?

If the packets are not coming in then it is expected that we will not get anything in captures.

You can also run the capture "capture asp type asp-drop all" and see if you get any packets getting dropped on the FWSM

Here is a document for your reference:-
https://supportforums.cisco.com/document/67346/packet-capture-firewalls-asapixfwsm

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

PacketSpartan
Level 1
Level 1
In response to Dinesh Moudgil

‎07-12-2017 02:27 AM

Hi Dinesh, 

1. This is our internal firewall and all the traffic traverses through it. So we definitely know there is traffic. 

2. I followed the following guide: 

http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm32/configuration/guide/fwsm_cfg/troubl_f.html#wp1067860

The guide you have linked looks slightly different, I was hoping to do it via the FSWM ASDM but using the wizard it did not work. 

Does the Command  "capture asp type asp-drop all" cause a spike in CPU? otherwise, i'll have to run it out of hours

CCNA R&S
0 Helpful

Dinesh Moudgil
Cisco Employee
Cisco Employee
In response to PacketSpartan

‎07-12-2017 02:30 AM

It may or may not depending on amount of traffic and packets dropped on fwsm.
Sure, please run it after hours and run "show cap asp" to see if you observe packet drops.

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card