Background
Cisco IOS Embedded Packet Capture (EPC) is an extremely useful troubleshooting tool and can prove particularly helpful when it is not feasible to set up a network tap or when diagnosing a problem on a remote system.
My lab device is an ASA5505; however, the capture commands are similar across most platforms (ASA, PIX, FWSM and ISR routers running IOS 12.4(20)T or later).
Capturing Traffic on the ASA
The basic syntax of the capture command is as follows:
capture <capture name> interface <interface name>

While the capture is running, you can view the results on the console (not always a good idea and not very easy to read) or in a web browser.
To view the capture in a browser, format the URL as follows:
https://<device ip address>/admin/capture/<capture name>

A better option would be to open the capture in Wireshark. We can download the capture in libpcap format by specifying the /pcap option at the end of the URL.
https://<device ip address>/admin/capture/<capture name>/pcap
When prompted, select the “Open With” radio button and select Wireshark from the list (you’ll need to have Wireshark installed on your host).

To stop the capture, simply negate the capture command, followed by the capture name. This also removes the capture from the buffer, so make sure you export it using the above procedure if you want to save the results:
no capture <capture name>
Options
Besides the many filtering options, it’s possible to specify multiple simultaneous captures, each with different criteria. Let’s capture only IP traffic on the outside interface and ARP traffic on the inside interface.

If you lose track of what captures are running on the device, enter show capture at the prompt to display active captures and their options.
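The two simultaneous captures described above, written out as an added example that is not from the original post. The capture names capout and caparp are made up for illustration, the interface names are the ones used in the text, and the match keyword assumes an ASA software release that supports it.

```text
! Capture only IP traffic on the outside interface
! (capout is a hypothetical capture name)
capture capout interface outside match ip any any

! Capture only ARP frames on the inside interface
! (caparp is a hypothetical capture name)
capture caparp ethernet-type arp interface inside

! List the captures defined on the device and their options
show capture

! Print the contents of one capture on the console
show capture caparp

! Export each capture before removing it, using the /pcap URL form:
!   https://<device ip address>/admin/capture/capout/pcap
!   https://<device ip address>/admin/capture/caparp/pcap

! Stop both captures; this also discards their buffers
no capture capout
no capture caparp
```

Each capture keeps its own buffer, so removing capout leaves caparp running and its contents intact.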

Conclusions
EPC is a useful feature and has numerous capabilities beyond what I’ve demonstrated here. When combined with Wireshark, EPC provides the ability to quickly capture and analyze network traffic without a tap or mirroring a port on an adjacent switch.
Additional Reading
ASA/PIX/FWSM: Packet Capturing using CLI and ASDM Configuration Example
