Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2825
Views
5
Helpful
4
Replies

FTD packet capture issue with the CLI when interface is inside

Go to solution
Difan_Zhao
Level 1
Level 1

‎01-26-2022 08:29 AM

I think the issue is also with the "outside" interface as well. It seems that it (the CLI) doesn't like the interface name to be the standard name. If I use another interface with a different name, it works fine. My system is 4110 with version 6.2.3.4

 

For example, this one works

> capture cap interface outside_b match udp host 10.253.0.22 host 10.8.60.44

But not this one. First of all, I can't specify "match" after the "inside" interface like I could with the above command.

> capture cap interface inside
  ethernet-type  Capture Ethernet packets of a particular type, default is IP
  headers-only   Capture only L2, L3 and L4 headers of packet without data in them
  packet-length  Configure maximum length to save from each packet, default is 1518 bytes
  trace          Trace the captured packets
  file-size      Configure size of capture file in MB (32 - 10000)

I need to add some other options before I can put in "match". That is fine. But it will give me this error when I hit enter.

> capture cap interface inside file-size 20 match udp host 10.253.0.22 host 10.8.60.44

capture cap interface inside file-size 20 match udp host 10.253.0.22 host 10.8.6                             ^0.44

ERROR: % Invalid input detected at '^' marker.

Any idea why this is the case?

Thanks!

Difan

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP
In response to Difan_Zhao

‎01-26-2022 12:18 PM

my bad thats correct. "sudo sfconsole" is introduce in 6.4 I guess but might be I am wrong. yes "system support diagnostic-cli" thats sound right.

please do not forget to rate.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Sheraz.Salim
VIP
VIP

‎01-26-2022 11:15 AM

@Difan_Zhao for your 4110 FTD appliance you managed this from FMC? If you manage this appliance from FMC you can capture the packet on FMC instead of CLI.

 

Side Note: have you tried to setup the capture from the CLISH? Command for this is sudo sfconsole

 

>expert

sudo su

sudo sfconsole

the above command will put you in FTD CLI.  

 

you can setup the capture on FTD CLI.

please do not forget to rate.

Go to solution
Difan_Zhao
Level 1
Level 1
In response to Sheraz.Salim

‎01-26-2022 11:46 AM

Hey thanks, Sheraz. Is this `sudo sfconsole` the same as the `system support diagnostic-cli`?

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to Difan_Zhao

‎01-26-2022 12:18 PM

my bad thats correct. "sudo sfconsole" is introduce in 6.4 I guess but might be I am wrong. yes "system support diagnostic-cli" thats sound right.

please do not forget to rate.
0 Helpful

Go to solution
Difan_Zhao
Level 1
Level 1

‎01-26-2022 12:35 PM

Thanks! it seems to work fine with doing pcap inside of the ASA console

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card