Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1439
Views
0
Helpful
5
Replies

Will capture Command Cause Any Impact?

Go to solution
johnlloyd_13
Level 9
Level 9

‎09-01-2013 09:07 PM - edited ‎03-11-2019 07:33 PM

hi all,

i've got few ASA 5510 currently in production that i want to capture some packets. i tried to look for docs or link if the capture command will cause any effect or impact on the ASA performance but i only saw this doc in cisco and some cisco white papers.

https://supportforums.cisco.com/docs/DOC-17345

could someone confirm on this? thanks in advance.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎09-01-2013 09:39 PM

Hello,

My recomendation is make sure you use it only when you needed.

Captures will take CPU to run and Memory to store the information captured so make sure you only use it while troubleshooting.

I do remember once a customer was having 90 % CPU but he had like 5 captures running on the ASA, Circular buffer and catching a lot of stuff.

Note: If you are capturing traffic from 2 end-stations and you know there is no much traffic going on there then you should not be aware of something. Nothing will happen.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎09-01-2013 11:20 PM

Hi,

I tend to use the packet capture a lot in the ASA. Mostly in the cases where the customer/user doesnt give a good description on what the problem is.

I use it on pretty much every model we have. ASAs, PIXs and FWSMs. To this day I have not run into any problems using the packet capture on the ASAs even multiple of them running at one time. I might have 1-3 captures active on a single device depending on the customer network in question.

So I would imagine that you wont run into any problems unless your device is already on its limit of resources.There was some discussion here recently that I think mentioned some problem related to capturing traffic that was caused by a bug.

- Jouni

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎09-01-2013 09:39 PM

Hello,

My recomendation is make sure you use it only when you needed.

Captures will take CPU to run and Memory to store the information captured so make sure you only use it while troubleshooting.

I do remember once a customer was having 90 % CPU but he had like 5 captures running on the ASA, Circular buffer and catching a lot of stuff.

Note: If you are capturing traffic from 2 end-stations and you know there is no much traffic going on there then you should not be aware of something. Nothing will happen.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Julio Carvajal

‎09-01-2013 10:39 PM

hey julio,

thanks for your feedback! so far, cpu's quiet.

i just want to check one instance only, so i guess it wouldn't hurt to fire this command.

# sh cpu usage 

CPU utilization for 5 seconds = 2%; 1 minute: 2%; 5 minutes: 2%

# sh ve

Cisco Adaptive Security Appliance Software Version 8.2(5)

Device Manager Version 6.2(3)

Compiled on Fri 20-May-11 16:00 by builders

System image file is "disk0:/asa825-k8.bin"

Config file at boot was "startup-config"

up 114 days 3 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1599 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎09-01-2013 11:20 PM

Hi,

I tend to use the packet capture a lot in the ASA. Mostly in the cases where the customer/user doesnt give a good description on what the problem is.

I use it on pretty much every model we have. ASAs, PIXs and FWSMs. To this day I have not run into any problems using the packet capture on the ASAs even multiple of them running at one time. I might have 1-3 captures active on a single device depending on the customer network in question.

So I would imagine that you wont run into any problems unless your device is already on its limit of resources.There was some discussion here recently that I think mentioned some problem related to capturing traffic that was caused by a bug.

- Jouni

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to Jouni Forss

‎09-01-2013 11:50 PM

jouni,

thanks for joining in and sharing a personal tip!

this gave me a confidence boost to try this out.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to johnlloyd_13

‎09-01-2013 11:26 PM

Hello John,

Exactly no worries at all

But remember this feature is used for troubleshooting purposes no need to let it running if you do not needed.

And just to be safe make it as Specific as Possible . That's the keyword.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card