How to Capture Traffic on Cisco ASA / PIX (sniffer)
To capture traffic on a Cisco ASA or PIX firewall, use the capture command.
Example: Capturing traffic on ASA/PIX
You want to capture traffic from/to host 10.100.100.1 located behind the dmz interface.
The access-list is optional; it limits the capture to the traffic you are interested in.
pix1(config)# show capture
Commands to show capturing results:
Command to clear captured traffic:
Command to save results to tftp server:
copy capture:cap1 tftp://10.1.1.1/dmzhost.txt
To save results in pcap format:
Command to disable capturing:
pix(config)# no capture cap1
This can be very helpful in troubleshooting connectivity issues. I most recently used this to troubleshoot VoIP issues for a customer.
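The full sequence described above, written out as an added example (not from the original page) for ASA / PIX 7.x and later syntax: it captures traffic to and from 10.100.100.1 on the dmz interface into capture cap1. The ACL name cap1-acl and the file name dmzhost.pcap are assumptions; the capture name, host, interface and TFTP server are the ones used on this page.

```cisco
! Added example. cap1-acl and dmzhost.pcap are assumed names.
! Optional ACL: match both directions for the DMZ host.
pix1(config)# access-list cap1-acl extended permit ip host 10.100.100.1 any
pix1(config)# access-list cap1-acl extended permit ip any host 10.100.100.1
pix1(config)# exit

! Start the capture on the dmz interface, filtered by the ACL.
pix1# capture cap1 access-list cap1-acl interface dmz

! List the configured captures, then show the packets held in cap1.
pix1# show capture
pix1# show capture cap1

! Empty the capture buffer while leaving the capture running.
pix1# clear capture cap1

! Export the capture as text, then as pcap for Wireshark or tcpdump.
pix1# copy capture:cap1 tftp://10.1.1.1/dmzhost.txt
pix1# copy /pcap capture:cap1 tftp://10.1.1.1/dmzhost.pcap

! Stop capturing and delete the capture, then remove the helper ACL.
pix1# no capture cap1
pix1# configure terminal
pix1(config)# clear configure access-list cap1-acl
```

The capture buffer defaults to 512 KB and stops filling once full unless the circular-buffer option is given, so export or clear it during long sessions. TFTP is unauthenticated and unencrypted, so the exported packets (including any payload data) cross the network in the clear.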