Cisco FWSM - How to check if packets are being dropped on a fwsm interface

cosimotodaro · ‎01-17-2013

Hi,

I want to check whether packets are being dropped on a FWSM interface. How to do this?

I was reading some Cisco documentation and the 'packets dropped' shown under the interface is not what I thought it meant

Interface Vlan100 "backbone", is up, line protocol is up

MAC address 001b.2a13.6fc0, MTU 1500

IP address 10.237.100.22, subnet mask 255.255.254.0

Traffic Statistics for "backbone":

202841061915 packets input, 199799113322222 bytes

28922941827 packets output, 3125943828129 bytes

9853070 packets dropped

Julio Carvajal · ‎01-17-2013

Hello,

Do captures...

Lets say you think the ASA is dropping HTTPS traffic between 2 hosts so you could create a capture specifing the interfaces where that traffic gets and leaves ( example inside-outside)

capture capin interface inside match tcp any any eq https

capture capout interface outside match tcp any any eq https

Then you do a show cap capin or show cap capout

if you see packets only on one side then that would mean packets are getting dropped on that interface as they are not reaching the other interface..

THE EASIEST capture

cap asp type asp-drop all circular-buffer

This will capture all of the packets being dropped by the FWSM

so

show cap asp | include x.x.x.x

Will show you the packets being dropped for that particular ip ( x.x.x.)

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

cosimotodaro · ‎02-11-2013

Hi,

Thanks for your reply and sorry for the delay. I will try to do that, however it's not a Cisco ASA, but a Cisco FWSM.

Regards

Julio Carvajal · ‎02-11-2013

Hello,

Either way The capture will work.,

Follow the instructions and keep us posted

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC