Episode Information
Episode Name: Episode 1 - Using the ASA Packet Capture Utility for Troubleshooting
Contributors: Jay Johnston, Blayne Dreier, David White Jr., Magnus Mortensen
Posting Date: May 29th, 2009
Description: In this episode, Cisco TAC engineers discuss the new RSS feed for customer issues currently being seen in the TAC. Learn how to resolve connectivity issues using the packet capture utility built in to the Cisco Adaptive Security Appliance (ASA), PIX Firewall, and Firewall Services Module (FWSM)platforms.
Listen Now (MP3 53.8 MB; 39:12 mins)
Subscribe to the Podcast in iTunes by pasting the following link into your browser (which should launch iTunes) where you can subscribe to the podcast.
itpc://www.cisco.com/cdc_content_elements/rss/security_podcast/security_tac_pcast.xml
Alternatively, you can search within iTunes for Cisco TAC Security Podcast, and subscribe there. By subscribing, you will automatically receive future episodes when they are posted.
For users who would like an alternative method for subscribing, you can add the following URL into your favorite RSS reader, and subscribe to that feed.
http://www.cisco.com/cdc_content_elements/rss/security_podcast/security_tac_pcast.xml
Episode Show Notes
The following example shows the use of the 'match' argument with packet captures:
ciscoasa# capture in interface inside buffer 2000000
ciscoasa# capture in match ip any host 192.85.1.3
ciscoasa#
ciscoasa# capture out interface outside buffer 2000000
ciscoasa# capture out match ip any host
ciscoasa#
ciscoasa# show capture capture in type raw-data buffer 2000000
interface inside buffer 2000000 interface inside [Capturing - 586 bytes]
match ip any host 192.85.1.3
capture out type raw-data buffer 2000000 interface GAT_outside [Capturing - 922 bytes]
match ip any host 192.85.1.3
ciscoasa#
ciscoasa# show cap in
ciscoasa# show cap in
6 packets captured
1: 12:04:06.482625 192.85.1.3 > 192.85.1.2: icmp: echo request
2: 12:04:06.482915 192.85.1.2 > 192.85.1.3: icmp: echo reply
3: 12:04:07.478216 192.85.1.3 > 192.85.1.2: icmp: echo request
4: 12:04:07.478307 192.85.1.2 > 192.85.1.3: icmp: echo reply
5: 12:04:08.478139 192.85.1.3 > 192.85.1.2: icmp: echo request
6: 12:04:08.478231 192.85.1.2 > 192.85.1.3: icmp: echo reply
ciscoasa#
About the Cisco TAC Security Podcast
The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product security features, with emphasis on troubleshooting.
Complete episode listing and show information