Wireshark packet capture on ASA 5510

shivudu1984
Level 1

Hi Guys

I would like to analyze the traffic flow on my ASA 5510. Can I actually monitor the interface on the ASA 5510 (be it inside or outside) using Wireshark without having to create capture access-lists? I use Wireshark to monitor my local machine by configuring Wireshark to monitor my local interface. Can I do that with the firewall (i.e. pointing Wireshark to monitor the ASA's interface directly)?

thanks

3 Accepted Solutions


cadet alain
VIP Alumni

Hi,

No, it's impossible. The only way to do it is to capture packets on the ASA and then export the capture as a pcap file, which you can analyse with Wireshark on your PC.

Regards.

Alain.

Don't forget to rate helpful posts.


shzaman
Level 1

Hi,

Wanted to add something: I am not sure what the real purpose is, but if the issue is only about the capture ACL, then starting with 7.2(1) you may use the 'match' option with the 'capture' command to avoid writing an ACL. If avoiding the ACL is not the real question, then you may also use SPAN on the switch port to which the ASA is connected and see the packets on the SPAN destination PC (using Wireshark). Pointing a PC to directly start showing captures, without starting a capture on the ASA or capturing traffic from a connected device, is not possible, as mentioned by user 'Alain (cadetalain)'. ASDM also has an option for captures.

-Shahid
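
The capture-and-export workflow described in the two replies above, as an added example that is not part of the original posts. The capture name `capin`, the ACL name `CAP-ACL`, the host `10.1.1.10` and the TFTP server `192.0.2.50` are constructed placeholders; the interface name `inside` is the one mentioned in the question.

```cisco
! --- Option A: capture filtered by an access-list (works before 7.2(1)) ---
! One ACE per direction, because the ACL is matched literally.
access-list CAP-ACL extended permit ip host 10.1.1.10 any
access-list CAP-ACL extended permit ip any host 10.1.1.10
capture capin interface inside access-list CAP-ACL

! --- Option B: inline 'match' filter, no ACL needed (7.2(1) and later) ---
! 'match' captures both directions of the flow with a single statement.
capture capin interface inside match ip host 10.1.1.10 any

! Confirm that packets are being collected in the capture buffer.
show capture capin

! Export the buffer in pcap format so it can be opened in Wireshark on a PC.
copy /pcap capture:capin tftp://192.0.2.50/capin.pcap

! Remove the capture when finished so it stops consuming buffer memory.
no capture capin
```

Use either option A or option B for a given capture name, not both. The exported file contains every captured packet in full, so store and transfer it with the same care as any other record of production traffic.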


jubetz
Level 1

You should consider SPAN or RSPAN on the switch(es) that the ASA connects to. You could use SPAN to send a copy of all traffic to/from the ASA to your PC and capture it in Wireshark.


Thanks guys for your suggestions..
