Here is the doc that will give you insight for how to take packet captures:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html
If you wish to capture packets on ASA for internet traffic for any specific source, the capture will look like
captures capi interface inside match ip host x.x.x.x any
If you wish to see if the internet traffic is getting dropped for any particular host, then you can get the following captures:
cap asp type asp-drop all
show cap asp | in x.x.x.x
where x.x.x.x is the particular source IP.
NOTE:If you are capturing the traffic for many users destined to all the IPs on internet, it may degrade the performance of the ASA. You can use circular buffer option as well to captures the packets.
Moreover, if the issue is pertaining to bandwidth getting full.
Check the output of the following commands to see the status of the resources:
show resource usage
show mem
show cpu
show processes cpu-usage non-zero sorted
Look out for interface errors as well as this issue might be pertaining to bursty traffic as well.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/