
High CPU due to packet capture

Hi,

If we do not remove packet capture on ASA does it cause CPU to spike?

Regards,

Krishna


Hi,

Still awaiting your reply

Whether a single src to single dst pcap or network?

Ideally not recommended to keep the pcap enabled, but still less impact on ASA.

Instead of you deciding pcap as a source of high CPU, it would be better to check whether it's a cosmetic bug or genuine bug.

Regards

Rajesh

Hi,

There were 4 packet caps running on the device; all were SRC to DEST.

How much CPU can each packet cap take?

Regards,

Krishna

Please ask if you have some other queries. Only the development team can answer your question.

CPU was alright when captures were removed, so just wanted to make sure it was due to that.

Vibhor Amrodia
Cisco Employee

Did we have circular buffer captures enabled? Which ASA device are you seeing this issue on?

No. Circular buffer was not enabled; my question is, once the buffer is full, will that lead to high CPU or not? The ASA is 5540.

Hi Krishna,

We have seen this problem before on some TAC cases and we do have a Bug Defect for the same issue.

Although this Bug Defect is not resolved as we were not able to recreate the issue.

Hi,

Thanks very much for replying, so ideally it should be dropping the packets once the buffer is full.

Regards,

Krishna

Here is the packet cap that was on the firewall.

capture cap1 type raw-data interface PATSv2 [Buffer Full - 523510 bytes]
  match ip any host 87.236.65.84
capture cap2 type raw-data interface PATSv2 [Buffer Full - 523510 bytes]
  match ip host 87.236.65.84 any
capture CAP1 type raw-data interface market_server_dmz [Capturing - 1476 bytes]
  match ip host 172.16.96.12 host 172.21.62.104
capture CAP2 type raw-data interface inside [Capturing - 1170 bytes]
  match ip host 172.16.96.12 host 172.21.62.104

So is it confirmed that CPU got spiked by bug defect?

Regards,

Krishna
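
Added example, not written by any poster in this thread and not Cisco tooling: a small Python parser for capture listings in the format posted above (the output of `show capture`), reporting each capture's interface, state and match lines so that captures left on a firewall can be reviewed and removed. The sample text, capture names, interfaces and addresses are constructed, and the line format is assumed to be exactly what the post shows.

```python
import re

# Header line as it appears in the output posted in this thread, e.g.
#   capture cap1 type raw-data interface PATSv2 [Buffer Full - 523510 bytes]
HEADER = re.compile(
    r"^capture (?P<name>\S+) type (?P<type>\S+) (?:.*? )?"
    r"interface (?P<interface>\S+) "
    r"\[(?P<state>[^\]]+?) - (?P<bytes>\d+) bytes\]$"
)

# Constructed sample: names, interfaces and addresses are made up.
SAMPLE = """\
capture capA type raw-data interface outside [Buffer Full - 523510 bytes]
  match ip any host 192.0.2.10
capture capB type raw-data    interface dmz [Capturing - 1476 bytes]
  match        ip host 198.51.100.5 host 192.0.2.10
"""


def parse_captures(text):
    """Return one dict per capture: name, type, interface, state, bytes, matches."""
    captures = []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse ragged whitespace of pasted output
        header = HEADER.match(line)
        if header:
            entry = header.groupdict()
            entry["bytes"] = int(entry["bytes"])
            entry["matches"] = []
            captures.append(entry)
        elif line.startswith("match ") and captures:
            # match lines belong to the most recent capture header
            captures[-1]["matches"].append(line[len("match "):])
    return captures


def full_captures(captures):
    """Names of captures reported as 'Buffer Full' (no longer recording)."""
    return [c["name"] for c in captures if c["state"].lower() == "buffer full"]


if __name__ == "__main__":
    parsed = parse_captures(SAMPLE)
    for c in parsed:
        print(f'{c["name"]:<6} {c["interface"]:<8} {c["state"]:<12} {c["bytes"]:>7} B')
    print("review for removal:", full_captures(parsed))
```
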

Still awaiting your reply

Hi Krishna,

Can you post the CPU status increase with the captures applied on the ASA so that we can verify the increase?

If the capture buffer is full, the captures would not have any impact on the ASA device and the respective interface, and no further traffic would be captured.

The Bug Defect is not resolved and we were not able to recreate the issue in lab.

If you are able to recreate the issue in lab, I would request you to open a TAC case and we might try to resolve the Bug Defect.

Thanks and Regards,

Vibhor Amrodia

hkaraeen
Cisco Employee

Could you please provide me with the bug ID?

 

E.g. CSCta43472

 
