
ASDM/ASA trouble while capturing packets with ASDM Capture Wizard

Nigmatulin1
Level 1

Hi!

I've got ASDM v. 6.2(5) and ASA v. 8.2(2). Sometimes I need to do a lot of packet sniffing on the ASA using Ethereal. I'd like to use Ethereal, and I know how to get pcap captures from the ASA with an https request or within the ASDM Capture Wizard. But, unfortunately, ASDM uses interface names when creating captures on the ASA. The problem is that in our organization "/" symbols are present in all ASA interface names, and this can't be changed because a lot of monitoring/administrative tools that use these interface names have been set up.

So, when I let ASDM capture packets, it creates captures in the format "asdm_cap_<interface/name>", and in this case I can't save the captures on a PC, get them with https://asaIP/capture/capturename/pcap, or even copy them from the CLI to another place.

Now I see only two ways to work around this issue:

1. Make ASDM create different capture names

2. Use special symbols within CLI or https requests to let the ASA know what I want to get from it.

In both ways I don't have any expectations how to implement this. Any ideas?

P.S. Please don't suggest that I use the CLI to create captures - my question is only about how to get captures created within ASDM.


Rudresh Veerappaji
Cisco Employee

Hi Marat,

I believe you are hitting the bug CSCta40669, and you can get more details regarding this bug in the software toolkit at http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

But here is the summary of the bug:

Captures not saved From ASDM Packet Capture Wizard

Symptom:

When using Packet Capture Wizard in Adaptive Security Device Manager (ASDM) on Adaptive Security Appliance (ASA) or PIX Firewall, capture files associated with interfaces that contain '/' (forward slash) character in the name cannot be saved.

Conditions:

Interface name contains '/' character.

Workaround:

Rename the interface(s) to remove the '/' character or use the command line copy capture command instead

Now I think the workaround will not work for you, as per your earlier notes, so I suggest you download one of the following ASDM versions, which have the bug fix:

Fixed-In:
6.4(0.67)
6.3(1.68)

You can run either one of the above ASDM versions with 8.2.2, as this ASA version needs 6.2.5 and later ASDM versions only. You can check this in the following link:

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp309157

I don't think the above ASDM softwares are available in ASDM. I'm not sure if the latest 6.3.5 has the fix integrated with it, but you can try using this ASDM by downloading it from the cisco.com site -> software download section. If it does not work, to obtain the above-mentioned softwares I think you can open a TAC case if you have a contract or are covered under warranty.

Let me know if this helps,

Cheers,

Rudresh V

Thanx for your answer...

Well, when I try to enter command

copy /pcap capture: flash:

it asks for the capture's name - I type "asdm_cap_ZoneNumber/VLANnumber"

ASA says:

ERROR: context does not exist

I also can't enter the Bug Toolkit because I don't have an account :-(
