ā09-01-2013 09:07 PM - edited ā03-11-2019 07:33 PM
hi all,
i've got few ASA 5510 currently in production that i want to capture some packets. i tried to look for docs or link if the capture command will cause any effect or impact on the ASA performance but i only saw this doc in cisco and some cisco white papers.
https://supportforums.cisco.com/docs/DOC-17345
could someone confirm on this? thanks in advance.
Solved! Go to Solution.
ā09-01-2013 09:39 PM
Hello,
My recomendation is make sure you use it only when you needed.
Captures will take CPU to run and Memory to store the information captured so make sure you only use it while troubleshooting.
I do remember once a customer was having 90 % CPU but he had like 5 captures running on the ASA, Circular buffer and catching a lot of stuff.
Note: If you are capturing traffic from 2 end-stations and you know there is no much traffic going on there then you should not be aware of something. Nothing will happen.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
ā09-01-2013 11:20 PM
Hi,
I tend to use the packet capture a lot in the ASA. Mostly in the cases where the customer/user doesnt give a good description on what the problem is.
I use it on pretty much every model we have. ASAs, PIXs and FWSMs. To this day I have not run into any problems using the packet capture on the ASAs even multiple of them running at one time. I might have 1-3 captures active on a single device depending on the customer network in question.
So I would imagine that you wont run into any problems unless your device is already on its limit of resources.There was some discussion here recently that I think mentioned some problem related to capturing traffic that was caused by a bug.
- Jouni
ā09-01-2013 09:39 PM
Hello,
My recomendation is make sure you use it only when you needed.
Captures will take CPU to run and Memory to store the information captured so make sure you only use it while troubleshooting.
I do remember once a customer was having 90 % CPU but he had like 5 captures running on the ASA, Circular buffer and catching a lot of stuff.
Note: If you are capturing traffic from 2 end-stations and you know there is no much traffic going on there then you should not be aware of something. Nothing will happen.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
ā09-01-2013 10:39 PM
hey julio,
thanks for your feedback! so far, cpu's quiet.
i just want to check one instance only, so i guess it wouldn't hurt to fire this command.
# sh cpu usage
CPU utilization for 5 seconds = 2%; 1 minute: 2%; 5 minutes: 2%
# sh ve
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.2(3)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1599 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
ā09-01-2013 11:20 PM
Hi,
I tend to use the packet capture a lot in the ASA. Mostly in the cases where the customer/user doesnt give a good description on what the problem is.
I use it on pretty much every model we have. ASAs, PIXs and FWSMs. To this day I have not run into any problems using the packet capture on the ASAs even multiple of them running at one time. I might have 1-3 captures active on a single device depending on the customer network in question.
So I would imagine that you wont run into any problems unless your device is already on its limit of resources.There was some discussion here recently that I think mentioned some problem related to capturing traffic that was caused by a bug.
- Jouni
ā09-01-2013 11:50 PM
jouni,
thanks for joining in and sharing a personal tip!
this gave me a confidence boost to try this out.
ā09-01-2013 11:26 PM
Hello John,
Exactly no worries at all
But remember this feature is used for troubleshooting purposes no need to let it running if you do not needed.
And just to be safe make it as Specific as Possible . That's the keyword.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide