Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
5
Replies

PIX Traffic Capture

jameswestley
Level 1
Level 1

‎01-25-2006 04:11 AM - edited ‎02-21-2020 12:40 AM

Is it possible to capture and log all traffic going in and out of our PIX 515E firewall

0 Helpful
5 Replies 5

Patrick Laidlaw
Level 4
Level 4

‎01-25-2006 10:00 AM

Well you could setup a sniffer on the outside and the inside of your network. Use the monitor mode of a cisco switch to copy all traffic to the port your sniffer is plugged into, or use a dumb hub.

Patrick

0 Helpful

dominic.caron
Level 5
Level 5

‎01-25-2006 11:08 AM

Yes...

Create an ACL for both the inside and outside interfaces if doing NAT. The inside interface ACL should use the untranslated sourceIP and destination IP. The outside, the translated.

Create capture on both inside and outside interfaces.

capture filename access-list ### interface outside(or inside) packet-lenght 1500.

Copy the file to your pc via TFTP

copy /pcap capture:filename tftp://x.x.x.x/filename.pcap

Open with ethereal

0 Helpful

flopez
Level 1
Level 1

‎01-25-2006 01:29 PM

It is possible, but I haven't tried doing the whole network, but I don't see why it would not be possible. here is what the syntax would look like:

access-list capture permit tcp

In english:

access-list capture permit tcp 192.168.100.0 any 192.168.1.0 any

0 Helpful

srue
Level 7
Level 7
In response to flopez

‎01-25-2006 06:03 PM

any of the above answers are good. it just depends on what you want exactly. real-time monitoring? if so, go with a sniffer, eg ethereal, sniffer pro, etc... and use SPAN on a switch. If u want to capture traffic to look at later, you can use the capture command described previously here (which you can also do with a sniffer). If you just want to log all connections/sessions into and out of the firewall, syslog will do this with the appropriate logging level. you wont be able to 'look inside' the packet with this option though.

0 Helpful

nleachman
Level 1
Level 1

‎01-31-2006 11:35 AM

Hi James,

If you only need to continuosly capture the traffic there is a nice method of creating a "rolling" trace with tethereal and tcpdump. It's outlined in the doc for each of the apps; but I've pretty well worked out the cmd line switches. So if you want to save a little time reply to this post or mail me directly and I'll get you what I have.

Regards, Nick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card