3 Simple Steps to Capture Cisco ASA Traffic with Command Line

by wing

Though many network engineers love using the ASDM packet capture option, the CLI (command-line interface) is more useful and saves time if you want to customize your traffic capture commands. Create a few customized capture commands in a text file and then paste them into the CLI of your ASA. Use the following three generic steps:

  1. Create a capture command
  2. Use the show capture command or real time capture command
  3. Use ‘no capture’ command to stop it.

In the global configuration mode, type the following to start capturing traffic:

# capture capout interface outside match ip 192.168.0.112 255.255.255.255 any

The above command captures IP traffic on the outside interface between host 192.168.0.112 and any other host. Similarly, you can capture traffic on the inside interface: just replace the name outside with inside, or with the name of any other interface whose traffic you want to capture.

To capture traffic from a specific host such as 192.168.0.112, use the following command:

# capture capout interface outside match ip 192.168.0.112 255.255.255.255 host 192.168.0.200

Or

# capture capout interface outside match ip host 192.168.0.112 host 192.168.0.200

ASA Real-Time Traffic Capture Commands

# capture capout real-time match ip host 192.168.0.112 any

To capture real-time traffic sent from a specific host:

# capture capout real-time match ip host 192.168.0.112 host 192.168.0.200

Note: capout is a name used to label the traffic.

Figure: real-time traffic capture in the ASA CLI

To see the captured traffic, use the command given below:

# show capture name_of_capture

# show capture capout

To clear captures:

# clear capture name_of_capture

# clear capture capout

How to stop the capture

“no capture name_of_capture” is used to stop the capture. Never forget to stop the capture when you are done with it; otherwise, your firewall will keep capturing the traffic.

Here is an example of how to stop a capture.

# no capture capout interface inside
# no capture capout interface outside

How to capture Ethernet traffic

# capture arp1 ethernet-type arp interface outside

Note: here, arp1 is just a name to label the captured traffic. You can use any name of your choice to label your captured traffic.

To see the captured traffic, use the following command:

# show capture arp1

Note: all the capture commands need to be typed in the global configuration mode.

How to capture Cisco ASA traffic in real time

To see real-time traffic, use the following command:

# capture capture_name interface outside real-time

For example, suppose you want to see real-time IP traffic sent from host 192.168.0.112 to the outside interface of your ASA firewall. The IP address of the outside interface of the ASA is 192.168.0.200. Type the following command to see real-time traffic from that specific host (192.168.0.112):

ciscoasa# capture capout real-time match ip host 192.168.0.112 host 192.168.0.200

To terminate the real-time traffic capture, press Ctrl+C.

To clear the buffer of a particular capture, use the following command (replace capture_name with the name that you used to label the traffic):

# clear capture capture_name

To clear the buffers of all captures, use the following command:

# clear capture /all
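
The text-file workflow described at the top of this article (prepare the capture commands, paste them into the ASA CLI, and stop every capture afterwards) can be generated rather than typed by hand. The following Python code is an added example, not part of the original article: it builds the `capture ... match ip` commands shown above, rejects a mistyped address or mask such as 255.25.255.255 before it reaches the firewall, and emits a `no capture` line for every capture it starts. The function names, the name-character check and the `!` comment lines are assumptions of this example.

```python
import ipaddress
import re

SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")  # conservative check chosen for this example

def endpoint(addr, mask="255.255.255.255"):
    """Render one side of a 'match ip' clause: any, host A.B.C.D, or network + mask."""
    if addr == "any":
        return "any"
    # Raises ValueError for a malformed address, a non-contiguous mask
    # (e.g. 255.25.255.255) or an address with host bits set under the mask.
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"

def capture_commands(name, interface, src, dst):
    """Return the start/show/clear/stop commands for one capture.

    src and dst are "any", an address string, or an (address, mask) tuple.
    """
    for label in (name, interface):
        if not SAFE_NAME.fullmatch(label):
            raise ValueError(f"unexpected characters in {label!r}")
    sides = [endpoint(*s) if isinstance(s, tuple) else endpoint(s) for s in (src, dst)]
    return {
        "start": f"capture {name} interface {interface} match ip {sides[0]} {sides[1]}",
        "show": f"show capture {name}",
        "clear": f"clear capture {name}",
        "stop": f"no capture {name} interface {interface}",
    }

def paste_file(captures):
    """Group commands so every capture that is started also has its stop line."""
    built = [capture_commands(*c) for c in captures]
    lines = ["! start"] + [b["start"] for b in built]
    lines += ["! inspect"] + [b["show"] for b in built]
    lines += ["! stop when done"] + [b["stop"] for b in built]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample input using the addresses from this article.
    print(paste_file([
        ("capout", "outside", "192.168.0.112", "192.168.0.200"),
        ("capin", "inside", ("192.168.0.0", "255.255.255.0"), "any"),
    ]))
```
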
