12-29-2008 12:01 AM - edited 03-11-2019 07:30 AM
How to see the live traffic on the PIX interfaces. Whether we have to use tcpdump command as we
use in Checkpoint or there are other commands also to view live traffic.
12-29-2008 06:18 AM
01-04-2009 07:21 PM
Thanks a Lot
01-04-2009 07:44 PM
PIX "capture" does not show live traffic like
Checkpoint tcpdump or fw monitor. You have
to use "show capture xxx" to view traffic.
By the time you see it, it is not live anymore.
tcpdump and "fw monitor" show you actual
live traffic on the interface.
01-05-2009 05:44 AM
A PIX doesn't have tcpdump nor fw monitor. This is a PIX not a Checkpoint.
01-05-2009 06:09 AM
The original poster asked "How to see the live traffic on the PIX interfaces."
Capture does not have the ability to let users
look at live traffic. That's my point.
01-05-2009 12:26 PM
Hello sukh,
Connect the PIX inside interface through a switch, and do port mirroring on the switch to capture all traffic flowing through that PIX. Use the SPAN feature of the switch to mirror the port. As others said, there is no built-in command or feature in the PIX to do this.
Hope this helps. All the best.
Raj
01-05-2009 01:30 PM
A couple of things I do with either PIX or ASA to watch live traffic:
1-Syslog, just be sure to have a syslog server (easier to sift through) and log to informational level.
2-Can look at output from show conn (not as helpful, but you can grep or | inc for specific IPs). This is more of a sanity type of check.
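One way to sift informational-level syslog for a single host on the syslog server, as the post above suggests (an added example, not part of the thread). The log lines are constructed, and the layout assumed is the PIX/ASA 7.x-style connection messages 302013 (built) and 302014 (teardown); the function name is hypothetical.

```python
import re

# Assumed layout: severity-6 (informational) TCP connection messages
# 302013 "Built" and 302014 "Teardown" as logged by PIX/ASA 7.x and later.
CONN_RE = re.compile(
    r"%(?:PIX|ASA)-6-(?P<id>302013|302014): "
    r"(?:Built (?:inbound|outbound)|Teardown) TCP connection (?P<conn>\d+) "
    r"for (?P<if_a>\S+?):(?P<ip_a>[\d.]+)/(?P<port_a>\d+)(?: \([^)]*\))? "
    r"to (?P<if_b>\S+?):(?P<ip_b>[\d.]+)/(?P<port_b>\d+)(?: \([^)]*\))?"
    r"(?: duration (?P<duration>\S+) bytes (?P<bytes>\d+))?"
)

# Constructed sample lines (documentation address ranges), not real captures.
SAMPLE = [
    "Jan  5 13:30:01 fw1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.20/51514 (198.51.100.2/51514)",
    "Jan  5 13:30:02 fw1 %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.25/443 (203.0.113.25/443) to inside:192.168.1.30/40022 (198.51.100.2/40022)",
    "Jan  5 13:30:06 fw1 %PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/80 to inside:192.168.1.20/51514 duration 0:00:05 bytes 1420 TCP FINs",
    "Jan  5 13:30:07 fw1 %PIX-6-302013: Built outbound TCP connection 1003 for outside:198.51.100.7/22 (198.51.100.7/22) to inside:192.168.1.20/51520 (198.51.100.2/51520)",
    'Jan  5 13:30:09 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.99/4444 dst inside:192.168.1.20/23 by access-group "outside_in"',
]

def connections_for(lines, ip):
    """Return (events, open_ids) for TCP connections that involve `ip`."""
    events, open_conns = [], {}
    for line in lines:
        m = CONN_RE.search(line)
        if not m or ip not in (m["ip_a"], m["ip_b"]):
            continue  # not a 302013/302014 line, or a different host
        ev = {
            "action": "built" if m["id"] == "302013" else "teardown",
            "conn": int(m["conn"]),
            "a": f'{m["if_a"]}:{m["ip_a"]}/{m["port_a"]}',
            "b": f'{m["if_b"]}:{m["ip_b"]}/{m["port_b"]}',
            "bytes": int(m["bytes"]) if m["bytes"] else None,
        }
        events.append(ev)
        if ev["action"] == "built":
            open_conns[ev["conn"]] = ev       # connection is now up
        else:
            open_conns.pop(ev["conn"], None)  # matched teardown closes it
    return events, sorted(open_conns)

if __name__ == "__main__":
    evs, still_open = connections_for(SAMPLE, "192.168.1.20")
    for ev in evs:
        print(ev["action"], ev["conn"], ev["a"], "<->", ev["b"], ev["bytes"])
    print("still open:", still_open)
```

Connection IDs left in the open list are the ones to cross-check against show conn on the firewall.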
01-06-2009 08:42 AM
What version of code are you running? The ASDM is useful unless you are wanting to see more than just syslog type of traffic.