10-15-2013 08:33 AM - edited 03-07-2019 04:03 PM
I need to capture all the traffic between our client's ASA 5505 and their PBX. I would like to set up a packet capture using the wizard in the ASDM if possible, but it seems like I can only capture the traffic going one direction. Is it possible to capture all traffic to and from the PBX? If so, how?
10-15-2013 08:37 AM
I'm unaware that the ASA5505 has such a capability. Your best bet is to perform SPAN if there's any switch in between.
Edit: I've just recalled there's a 'capture' feature on ASA.
https://supportforums.cisco.com/docs/DOC-17345
10-15-2013 09:02 AM
Hi,
The ASA 5505 has a built-in switch that supports SPAN: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html
Regards
Alain
Don't forget to rate helpful posts.
10-16-2013 07:09 AM
I'm looking for steps on how to set up a packet capture on the ASA5505 that will capture all traffic on the internal interface to and from a particular IP address. I have a strong preference for using the capture wizard in ASDM, but command line would be better than nothing.
I have not been able to find the answer to my question in the documentation provided.
10-16-2013 01:55 PM
From this article set up a capture.
ASA Capture Feature
The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.
ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
ciscoasa(config)#capture inside_interface access-list inside_test interface inside
The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.
ciscoasa#show capture inside_interface
1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request
!--- The user IP address is 192.168.1.50.
Note: In order to download the capture file to a system such as Ethereal, you can do it as this output shows.
!--- Open an Internet Explorer and browse with this https link format: https://[/ ]/capture/ /pcap
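Added example, not part of the original posts or the quoted Cisco article: the ACL in the quoted example matches only ICMP packets going to one host, so capturing everything to and from a single device needs an entry for each direction. The address 192.0.2.10 is a placeholder for the PBX, and the names cap_pbx and pbx_cap are made up for illustration.

```text
! One-direction ACL, same shape as the quoted example:
! only packets sent TO the host match, replies from it are missed.
ciscoasa(config)# access-list cap_oneway extended permit ip any host 192.0.2.10

! Two entries so that packets in both directions match.
! 192.0.2.10 is a placeholder for the PBX address.
ciscoasa(config)# access-list cap_pbx extended permit ip host 192.0.2.10 any
ciscoasa(config)# access-list cap_pbx extended permit ip any host 192.0.2.10
ciscoasa(config)# exit

! Bind the two-way ACL to a capture on the inside interface.
ciscoasa# capture pbx_cap access-list cap_pbx interface inside

! Check that lines appear with the PBX address on both sides of the ">".
ciscoasa# show capture pbx_cap

! Remove the capture when finished so it stops using buffer memory.
ciscoasa# no capture pbx_cap
```

A capture holds whatever payload crosses the interface, including call signalling, so delete it and any downloaded pcap once the troubleshooting is done.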