use Capture.
Its a fantastic new tool introduced in 7.0
basically you create and acl
capture the acl
sh capture
ASA Capture Feature
The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.
ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
ciscoasa(config)#capture inside_interface access-list inside_test interface inside
The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.
ciscoasa#show capture inside_interface
1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request
!--- The user IP address is 192.168.1.50.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml
http://security-planet.de/2005/07/26/cisco-pix-capturing-traffic/
HTH