Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
5
Helpful
2
Replies

What is difference 'capture' and 'capture-traffic' in Firepower?

HWAN
Level 1
Level 1

‎08-02-2022 01:34 AM

Hi teams,

As to my knowledge, there are two command about capturing packet in FTD.

First, 'capture' command like ASA command. Second, 'capture-traffic' command based on tcpdump I think.

These two command divided into where I capture starts like below picture.

1.png

So, I checked these two command in person at virtual environment(Decrypting SSL traffic by resign).

But, the output was same each other.

[1.LIna capture / using capture command]

2(lina).png

[2.Snort capture / using capture-traffic command]

3(snort).png

I think It may no ssl/tls process in lina capture file because it didn't pass the snort engine(DAQ or ssl decrpyt).

But I can see all ssl/tls process. So, I was confused.

Am I missing something?

Thank you.

 

2 Replies 2

MHM Cisco World
VIP
VIP

‎08-02-2022 01:59 AM

make SNORT drop the traffic and see the different.

0 Helpful

Marius Gunnerud
VIP
VIP

‎08-03-2022 01:42 AM

The commands provide the same information, the only difference is where the capture is taken so to help identify where packets might be dropped.

to see the SNORT process verdicts, you can use the command system support trace.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card