Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1734
Views
0
Helpful
2
Replies

How to capture-traffic in FirePower 8000 Series Firewall

subrun.jamil
Level 1
Level 1

‎05-21-2020 03:52 PM

Hello,

How to capture-traffic in FirePower 8000 Series Firewall ? Below command does not work. But with system support trace command i verified traffic is moving. Just note that this is L2 Firewall.

 

> system support capture-traffic

Please choose domain to capture traffic from:
0 - eth0
1 - Core (Interfaces s4p3, s4p4, s4p1, s4p2, s3p3, s3p4, s3p1, s3p2, s2p3, s2p4, s2p1, s2p2)

Selection? 1

WARNING: Running tcpdump can cause performance degradation and lead to packet loss!

Please specify tcpdump options desired.
(or enter '?' for a list of supported options)
Options: -w cap.pcap -s 1518 -c 5000 host 10.7.22.25
tcpdump: listening on nfe0.1.22:nfe1.1.22:nfe2.1.22:nfe3.1.22, link-type EN10MB (Ethernet), capture size 1518 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel
NS NFM Errors
Receive Errors: 0
Transmit Errors: 0
Tick Errors: 0

Labels:
0 Helpful
2 Replies 2

rogerf100
Level 1
Level 1

‎08-29-2020 06:35 PM

Maybe you should insert "vlan" word at the filter to be able to capture dot1q tagged packets.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-29-2020 09:01 PM

I'm not positive that feature (capture) is supported on a classic Firepower 8000 series. Every reference I have seen talks about it being used on devices running FTD. It may also be a limitation of L2 inline mode vs. routed mode.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card