capture traffic to/from host on PIX

gavin han · ‎10-29-2010

Hi,

I've ACL configured on PIX to allow any traffic to and from 192.168.154.23. I want to capture the traffic coming in and going out to the server 192.168.154.23. how do i do that on PIX?

Please advice...Thanks..

Maykol Rojas · ‎10-29-2010

Hello,

It would be

access-list capture permit ip any host 192.168.154.23

access-list capture permit ip host 192.168.154.23 any

capture capin access-list capin interface inside

Links for reference

Pix 7.2 and later
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c1_72.html#wp2034121

Pix 6.3
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1053548

You can fit the commands to for the capture to match your scenario.

Hope it helps.

Mike

Srikanth K. S · ‎10-30-2010

I've ACL configured on PIX to allow any traffic to and from 192.168.154.23. I want to capture the traffic coming in and going out to the server 192.168.154.23. how do i do that on PIX?

Hi Gavin,

The acl given below would be the acl used to capture traffic.

access-list capture permit ip any host 192.168.154.23

access-list capture permit ip host 192.168.154.23 any

The capture has to be applied both on the inside and outside interface to capture packets coming to and going out of the server.

capture capin access-list capture interface inside

capture capout access-list capture interface outside

You can view the report by giving the command

sh cap capin (This would show the packets hitting the inside interface destined to any host from the server)

sh cap capout (This would show the packets hitting the outside interface from outside destined for the server).

Hope this helps.Good luck.

Regards,

Srikanth.