Tuesday, June 28, 2016

ASA CAPTURE USER TRAFFIC FROM FIREWALL

===================================================================================================================================

 

Collect captures on the ASA for the specific user IP, for further analysis, using the procedure below.

 

1. Apply captures

#cap capout interface outside buffer 33554432 circular-buffer match tcp host A.B.C.D host 12.182.253.167

#cap capdmz interface dmz buffer 33554432 circular-buffer match tcp host A.B.C.D host 192.168.200.167

#cap asp type asp-drop all circular-buffer buffer 33554432

 

2. Clear the captures

clear cap /all

 

3. Wait until the user gets disconnected, then stop the captures

no cap capout interface outside

no cap capdmz interface dmz

no cap asp type asp-drop all

 

Note the timestamp when the user got disconnected and provide me with the exact time

 

4. Collect the captures via TFTP or FTP

copy /pcap capture:capout ftp://anonymous:cisco@173.37.146.14/TAC--636095055-capout.pcap

copy /pcap capture:capdmz ftp://anonymous:cisco@173.37.146.14/TAC--636095055-capdmz.pcap

copy /pcap capture:asp ftp://anonymous:cisco@173.37.146.14/TAC--636095055-asp.pcap

 

5. Collect asp captures in text format

sh cap asp | i 12.182.253.167

sh cap asp | i 192.168.200.167

sh cap asp | i A.B.C.D

 

6. It would be great if you also collect the syslogs from the ASA at the time when the issue happens

===================================================================================================================
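
Added example (not part of the original procedure): a Python sketch that takes the text output saved in step 5 and tallies asp-drop reasons for the user IP around the disconnect time noted in step 3. The line layout in the regex, the sample lines and the user IP 198.51.100.25 are constructed assumptions; adjust the pattern to what your ASA actually prints.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed shape of a "sh cap asp" text line (samples below are constructed):
#   <n>: HH:MM:SS.ffffff  <src>[.<port>] > <dst>[.<port>]: <detail> Drop-reason: (<code>) <text>
LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
    r".*?Drop-reason:\s+\((?P<reason>[^)]+)\)"
)

# Constructed sample output; 198.51.100.25 stands in for the user IP A.B.C.D.
SAMPLE = """\
   1: 10:14:02.118243       198.51.100.25.51514 > 192.168.200.167.443: S 1200:1200(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
   2: 10:15:41.502911       192.168.200.167.443 > 198.51.100.25.51514: R 88:88(0) ack 1201 win 0 Drop-reason: (tcp-not-syn) First TCP packet not SYN
   3: 10:15:41.733008       203.0.113.9.40000 > 12.182.253.167.80: S 5:5(0) win 1024 Drop-reason: (acl-drop) Flow is denied by configured rule
   4: 10:15:43.004417       198.51.100.25.51514 > 192.168.200.167.443: . ack 89 win 8192 Drop-reason: (tcp-not-syn) First TCP packet not SYN
"""

def drops_near_disconnect(text, user_ip, disconnect, window_s=30):
    """Return (Counter of drop reasons, matching lines) for user_ip within
    +/- window_s seconds of the disconnect time (HH:MM:SS on the ASA clock).
    Captures that span midnight are not handled."""
    t0 = datetime.strptime(disconnect, "%H:%M:%S")
    window = timedelta(seconds=window_s)
    reasons, hits = Counter(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        # Compare whole addresses: a plain text include filter would also
        # match longer addresses that merely contain the same digits.
        if not m or user_ip not in (m["src"], m["dst"]):
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if abs(ts - t0) <= window:
            reasons[m["reason"]] += 1
            hits.append(line.strip())
    return reasons, hits

if __name__ == "__main__":
    reasons, hits = drops_near_disconnect(SAMPLE, "198.51.100.25", "10:15:42")
    for reason, count in reasons.most_common():
        print(f"{count:4d}  {reason}")
```

The disconnect time passed in must be in the same clock as the capture timestamps, which is why the exact time from step 3 matters.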




ASA capture

cap asp type asp-drop all circular-buffer
