Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
2
Replies

Is there a correct syntax for CAPTURE?

lchance
Level 1
Level 1

‎09-29-2011 08:06 AM

I'm trying to build a packet capture on all UDP on the INSIDE interface but I want to omit any UDP on port 4163.

Is this even possible with the capture statements AND - does anyone know of a PDF which documents the full set and use of this CAPTURE command?

An example of what I've been trying, which I have yet to make it workout correctly.

capture Any-UDP-INSIDE-no-port4163 buffer 10000000 interface inside circular-buffer match udp any any neq 4163 match udp any any

Labels:
0 Helpful
2 Replies 2

jensjacobsen
Level 1
Level 1

‎09-29-2011 02:13 PM

You Can use a acl in The capture,

"

Access-list udplan deny any any eq 1463

Access-list udplan permit udp any any

cap xxx access-list udplan interface inside

"

/Jens

Sent from Cisco Technical Support iPad App

0 Helpful

lchance
Level 1
Level 1
In response to jensjacobsen

‎09-30-2011 06:09 AM

Thanks Jens...interesting method which I will use.

But I am still curious as to why CAPTURE has so many parameters and how these are to be used. I did find some usage information online with the COMMAND LOOKUP TOOL however it does not exactly match what is offered in the ASA IOS.

So I'm wondering if there's a PDF source online which explains everything about CAPTURE and its many parameters.

0 Helpful
Customers Also Viewed These Support Documents