Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3472
Views
8
Helpful
4
Replies

Packet Capture in ASDM vs. CLI

Go to solution
Kevin Melton
Level 2
Level 2

‎03-24-2011 06:36 AM - edited ‎03-11-2019 01:12 PM

Forum

One of the features I have always loved on the ASA was the ability to use the packet capture.  If I remember correctly, I have been using this feature maybe since version 6.x in the PIX.  It has helped solve many network issues and questions.

We now of course have the feature in ASDM that allows Packet Capture also.  I have had a quesiton for a long time, but had not posted it as I dont often think of it.  Today I found myself working at a client site and was working with Packet Captures and ACL's, and it made me remember the question.  here goes:

When building a capture on the CLI, we have some prerequites.  First we need an ACL to match for interesting traffic for the capture buffer.  Then we name the capture, and reference the ACL while applying to an interface.  This is all we need to do to get the capture up and running.

When building a capture on the ASDM, we have some options for building out just like in CLI.  You can pick whatever ACL you want to use that ASDM sees configured on the box, or you can "Manage" the ACL's ( and I guess create a new one) by hitting the "Manage" button.

The one thing that is different is that the ASDM Packet Capture Wizard wants an "ingress" and "egress" interface for the Wizard.  There does not seem to be a way to only capture on one (1) interface in the Packet Capture Wizard in ASDM.

So the question at hand would be "Can one use the ASDM Packet Capture Wizard and only assign one interface, and if so, how?

Thanks

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee
In response to Kevin Melton

‎04-11-2011 11:22 AM

Hi Kevin,

I myself am a huge fan of the CLI for taking captures and for troubleshooting as well.

However, we generally do apply captures on two interfaces, to see the packet entering, and packet leaving the ASA.

I tried capturing using only ingress interface on the ASDM, but i don't think that would be possible.

The good thing though is that it applies two different captures, and does not combine the ingress and egress parameters.

So essentially, the packet capture wizard is allowing you to setup two separate captures on two separate interfaces.

I do agree, that sometimes we use captures only on one interface just to see if a particular traffic is even reaching the ASA or not.

Unfortunately, I think all we can do in the ASDM for this scenario, is to ignore the parameters in the egress interface screen, and the captured packets that follow. A better configuration would be to configure traffic for the egress interface, which is not expected at all, so we don't see unnecessary data.

-Shrikant

View solution in original post

0 Helpful
4 Replies 4

Go to solution
csaxena
Cisco Employee
Cisco Employee

‎03-24-2011 08:59 PM

Hello Kevin,

Please refer to this document for details:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml#configurationPACKETCAP

Hope this helps. Please reply back if you need more info.

Regards,

Chirag

P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.

Go to solution
Kevin Melton
Level 2
Level 2
In response to csaxena

‎04-11-2011 08:32 AM

I already had that manual. The reason I had posted the question out to this Forum was due to the fact that in the manual, it only discusses using an Ingress and egress interface.  That is why I posted what I posted.

I do appreciate you throwing the manual back to me though.  I am still looking for the answer to my original question, which is:

Can Packet Capture in the ASDM be used with only an Ingress or Egress (and NOT both) like it can be in CLI?

Thanks

0 Helpful

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee
In response to Kevin Melton

‎04-11-2011 11:22 AM

Hi Kevin,

I myself am a huge fan of the CLI for taking captures and for troubleshooting as well.

However, we generally do apply captures on two interfaces, to see the packet entering, and packet leaving the ASA.

I tried capturing using only ingress interface on the ASDM, but i don't think that would be possible.

The good thing though is that it applies two different captures, and does not combine the ingress and egress parameters.

So essentially, the packet capture wizard is allowing you to setup two separate captures on two separate interfaces.

I do agree, that sometimes we use captures only on one interface just to see if a particular traffic is even reaching the ASA or not.

Unfortunately, I think all we can do in the ASDM for this scenario, is to ignore the parameters in the egress interface screen, and the captured packets that follow. A better configuration would be to configure traffic for the egress interface, which is not expected at all, so we don't see unnecessary data.

-Shrikant

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Shrikant Sundaresh

‎04-11-2011 11:50 AM

Shrikant

Thanks for taking the time to submit such a thorough answer.  This is what I had been looking for.  You have provided me with a sanity check.

Thank You

Kevin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card