-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpacket-capturing-on-cisco-asa.html
79 lines (67 loc) · 4.51 KB
/
packet-capturing-on-cisco-asa.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Packet capturing on Cisco ASA - kb.haeringer.org</title>
<link href="http://fonts.googleapis.com/css?family=Arimo:400,700|Inika" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="/theme/bootstrap.css" />
<link rel="stylesheet" type="text/css" href="/theme/pastie.css" />
<link href="/" type="application/atom+xml" rel="alternate" title="kb.haeringer.org Atom Feed" />
</head>
<body>
<div class="container">
<div class="row">
<div class="span10">
<div id="content">
<div class="header">
<h1>Packet capturing on Cisco ASA</h1>
</br>
</div>
<p class="meta"><small><span><a href="/author/ben/">ben</a> - </span><span>Do 17 Februar 2011</span> - <span class="tags"><a href="/tag/ASA/">ASA</a>, <a href="/tag/Cisco IOS/">Cisco IOS</a>, <a href="/tag/Packet capturing/">Packet capturing</a></span></small></p>
<div class="entry-content">
<p>The ASA5500 firewalls offer a great and simple packet capturing tool to
see if specific packets pass a certain interface.</p>
<p>First write an access list that defines the source and destination
address of the packets you want to see:</p>
<div class="highlight"><pre><span class="n">access</span><span class="o">-</span><span class="n">list</span> <span class="n">CAPACL</span><span class="o">-</span><span class="n">TO</span><span class="o">-</span><span class="n">CME</span> <span class="n">extended</span> <span class="n">permit</span> <span class="n">udp</span> <span class="n">any</span> <span class="n">host</span> <span class="mf">10.1.1.1</span>
</pre></div>
<p>Set the capture, referencing to the access list and defining the
interface on which you want to capture:<br />
<!--more--></p>
<div class="highlight"><pre><span class="n">capture</span> <span class="n">CAP</span><span class="o">-</span><span class="n">TO</span><span class="o">-</span><span class="n">CME</span> <span class="n">access</span><span class="o">-</span><span class="n">list</span> <span class="n">CAPACL</span><span class="o">-</span><span class="n">TO</span><span class="o">-</span><span class="n">CME</span> <span class="n">interface</span> <span class="n">inside</span>
</pre></div>
<p>Initiate some of the traffic of interest and see if it got captured:</p>
<div class="highlight"><pre><span class="n">show</span> <span class="n">capture</span> <span class="n">CAP</span><span class="o">-</span><span class="n">TO</span><span class="o">-</span><span class="n">CME</span>
<span class="mi">238</span> <span class="n">packets</span> <span class="n">captured</span>
<span class="mi">1</span><span class="o">:</span> <span class="mi">18</span><span class="o">:</span><span class="mo">04</span><span class="o">:</span><span class="mf">05.800938</span> <span class="mf">192.168.3.10.5060</span> <span class="o">></span> <span class="mf">10.1.1.1.5060</span><span class="o">:</span> <span class="n">udp</span> <span class="mi">494</span>
<span class="mi">2</span><span class="o">:</span> <span class="mi">18</span><span class="o">:</span><span class="mo">04</span><span class="o">:</span><span class="mf">06.971247</span> <span class="mf">192.168.2.10.5060</span> <span class="o">></span> <span class="mf">10.1.1.1.5060</span><span class="o">:</span> <span class="n">udp</span> <span class="mi">446</span>
<span class="p">[...]</span>
</pre></div>
</div><!-- /.entry-content -->
</div>
</div>
<div class="span2">
<div class="well">
<ul class="nav nav-list">
<li class="nav-header">Blog</li>
<!-- <li ><a href="">Home</a></li> -->
<li ><a href="index.html">Home</a></li>
<li ><a href="/tags/">Tags</a></li>
<li ><a href="/archives/">Archive</a></li>
<li class="nav-header">Pages</li>
<li><a href="/pages/about.html">About</a></li>
</ul>
</div><!-- /#menu -->
</div>
</div>
<hr />
<div class="row">
<div class="span12">
<div id="about">
<p>Proudly powered by <a href="http://twitter.github.com/bootstrap/">bootstrap</a>, <a href="http://docs.notmyidea.org/alexis/pelican/">pelican</a>, <a href="http://python.org">python</a> and <a href="http://www.julo.ch/about/">Alex</a></p>
</div><!-- /#about -->
</div><!-- /#contentinfo -->
</div>
</div>
</body>
</html>