Autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et dolore feugait

Tag Archives:sniffer

How to Capture Traffic on Cisco ASA / PIX (sniffer)

How to Capture Traffic on Cisco ASA / PIX (sniffer)

To capture traffic on a Cisco ASA or PIX firewall the capture command can be used.

Example: Capturing traffic on ASA/PIX

You want to capture traffic from/to host located behind the dmz interface.

The access-list is optional and is used to filter to interesting traffic
pix(config)# access-list interesting_traffic permit ip host any
pix(config)# access-list interesting_traffic permit ip any host
pix(config)# capture cap1 access- interesting_traffic interface dmz

pix1(config)# show capture
capture cap1 access-list access-interesting interface dmz

Commands to show capturing results:
show capture cap1
show capture cap1 detail
show capture cap1 dump

Command to clear captured traffic:
clear capture cap1

Command to save results to tftp server:

copy capture:cap1 tftp://

To save results in pcap format:
copy capture:cap1 tftp:// pcap

Command to disable capturing:

pix(config)# no capture cap1


This can be very helpful in troubleshooting connectivity issues.  I most recently used this to troubleshoot VoIP issues for a customer.