cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1811
Views
10
Helpful
2
Replies

Cisco ASA packet capture

vsurresh
Level 1
Level 1

Hello.

Is there a way to capture traffic sourced from the ASA itself? For example, how can I capture ICMP unreachable message being sent from the ASA to the Internet? 

 

ASA-------OUTISDE-INTERFACE---------INTERNET

 

Which ingress interface should I choose while setting up the capture?

 

EDIT - I tried the below but it didn't work

 

asa#capture test match icmp any host 93.184.216.34

asat# ping 93.184.216.34
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 93.184.216.34, timeout is 2 seconds:
!!!!!

asat# show capture
capture testtype raw-data [Capturing - 0 bytes]
match icmp any host 93.184.216.34

 

Thanks

1 Accepted Solution

Accepted Solutions

Sheraz.Salim
VIP Alumni
VIP Alumni

 

Is there a way to capture traffic sourced from the ASA itself? For example, how can I capture ICMP unreachable message being sent from the ASA to the Internet?

 

ASA-------OUTISDE-INTERFACE---------INTERNET

 

Which ingress interface should I choose while setting up the capture?

 

 

 

 

caputer ASP type asp-drop

!

show capture ASP

!

show asp drop

!

capture ICMP interface outside match icmp host x.x.x.x.x any  (Where x.x.x.x is your public outside ip address).

!

capture ICMP interface outside match icmp host x.x.x.x.x any  (Where x.x.x.x is your public outside ip address).

74: 14:25:54.551241       81.201.117.87 > mypublicip icmp: net 3.3.3.10 unreachable
  75: 14:25:54.551347       81.201.117.83 > mypublicip icmp: net 3.3.3.2 unreachable
  76: 14:25:54.555757       81.201.117.83 > mypublicip icmp: net 3.3.3.20 unreachable
  77: 14:25:54.555909       81.201.117.87 > mypublicip icmp: net 3.3.3.10 unreachable
  78: 14:25:54.559541       81.201.117.87 > mypublicip icmp: net 3.3.3.2 unreachable
  79: 14:25:54.559617       81.201.117.83 > mypublicip icmp: net 3.3.3.20 unreachable
  80: 14:25:54.566407       81.201.117.87 > mypublicip icmp: net 3.3.3.10 unreachable

 

please do not forget to rate.

View solution in original post

2 Replies 2

Sheraz.Salim
VIP Alumni
VIP Alumni

 

Is there a way to capture traffic sourced from the ASA itself? For example, how can I capture ICMP unreachable message being sent from the ASA to the Internet?

 

ASA-------OUTISDE-INTERFACE---------INTERNET

 

Which ingress interface should I choose while setting up the capture?

 

 

 

 

caputer ASP type asp-drop

!

show capture ASP

!

show asp drop

!

capture ICMP interface outside match icmp host x.x.x.x.x any  (Where x.x.x.x is your public outside ip address).

!

capture ICMP interface outside match icmp host x.x.x.x.x any  (Where x.x.x.x is your public outside ip address).

74: 14:25:54.551241       81.201.117.87 > mypublicip icmp: net 3.3.3.10 unreachable
  75: 14:25:54.551347       81.201.117.83 > mypublicip icmp: net 3.3.3.2 unreachable
  76: 14:25:54.555757       81.201.117.83 > mypublicip icmp: net 3.3.3.20 unreachable
  77: 14:25:54.555909       81.201.117.87 > mypublicip icmp: net 3.3.3.10 unreachable
  78: 14:25:54.559541       81.201.117.87 > mypublicip icmp: net 3.3.3.2 unreachable
  79: 14:25:54.559617       81.201.117.83 > mypublicip icmp: net 3.3.3.20 unreachable
  80: 14:25:54.566407       81.201.117.87 > mypublicip icmp: net 3.3.3.10 unreachable

 

please do not forget to rate.

That worked, thank you

Review Cisco Networking for a $25 gift card