Where can I find a good tutorial on the packet capture tool for the PIX/IDS? Basically, I want to capture packets that are being passed/denied by a certain rule, or packets that are being denied by default. I am really only familiar with the PDM/ASDM interface, so I would need some additional help mapping a numbered rule from PDM to a named rule for the CLI.
To enable packet capturing, attach the capture to an interface with the interface option. Multiple interface statements attach the capture to multiple interfaces.
A packet must pass both the Ethernet and access list filters before the packet is stored in the capture buffer.
Useful capture commands:
Use the no capture command with either the access-list or interface option unless you want to clear the capture itself. No capture without options deletes the capture. If the access-list option is specified, the access list is removed from the capture and the capture is preserved. If the interface option is specified, the capture is detached from the specified interface and the capture is preserved.
The clear capture capture_name command clears the capture buffer.
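The full sequence described in the answer above, as an added worked example (this is not from the original post or from Cisco's documentation verbatim). It assumes a PIX running 6.2 or later, an interface named outside, a web server at 10.1.1.5, a TFTP server at 192.168.1.20 and the ACL/capture names cap_http and http_cap; all of those are hypothetical. The capture filter ACL is never applied with access-group, so it only selects what is stored in the buffer and does not change what the firewall permits or denies.

```cisco
! Added example, not from the original post. Hypothetical names and addresses.

! 1. Describe the traffic of interest in an access list used only as a
!    capture filter (both directions, since the filter is direction-agnostic).
access-list cap_http permit tcp any host 10.1.1.5 eq www
access-list cap_http permit tcp host 10.1.1.5 eq www any

! 2. Create the capture, attach it to an interface, size the buffer (bytes)
!    and keep whole frames (default packet-length is 68 bytes).
capture http_cap access-list cap_http interface outside buffer 1048576 packet-length 1518

! 3. Generate some traffic, then inspect what was captured.
show capture http_cap
show capture http_cap detail

! 4. Export the buffer in pcap format for Ethereal/Wireshark ...
copy capture:http_cap tftp://192.168.1.20/http_cap.pcap pcap
! ... or, if "http server enable" is configured and your host is allowed
!     by an "http" statement, fetch it from a browser (assumed reachable):
!   https://<pix_inside_ip>/capture/http_cap/pcap

! 5. Detach the interface but keep the capture and its buffer.
no capture http_cap interface outside

! 6. Empty the buffer but keep the capture definition.
clear capture http_cap

! 7. Remove the capture entirely.
no capture http_cap
```

Two practical notes. To find the CLI name behind a PDM rule number, run show access-list: it prints every access list with its entries and hit counts, and PDM-generated lists are normally named after the interface they are applied to (for example outside_access_in; this naming is an assumption, check the output on your own box). To see traffic that a rule denies, capture on the interface where the traffic arrives: packets are copied into the buffer as they are received on that interface, so a packet later dropped by the interface access-group still shows up there but never appears in a capture on the egress interface.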