Capture traffic
Create a packet capture
If you want to capture traffic in real time, you can set up a trace on the firewall. Syntax:
capture <cap-name> interface <intname> match <protocol> <source> <destination>
To start capture:
# cap billcap inter outside-telekom match ip any host 8.8.8.8
To view capture detail:
show capture <capname>
To restart capture:
clear capture <capname>
To remove capture:
no capture <capname>
To view all running captures:
show capture
To download capture from firewall:
https://<FWIP>/admin/capture/<capname>/pcap
or, if HTTP(S) is not accessible, copy it to disk0: first:
copy /pcap capture:<capname> disk0:<capname>
then, from a client that has SSH access to the ASA, do:
scp user@asa:disk0:<capname> ./<capname>
# force fallback to the legacy scp protocol (OpenSSH >= 9)
scp -O user@asa:disk0:<capname> ./<capname>
Don't forget to stop the capture and delete the disk0:<capname> file!
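An added POSIX shell wrapper for the download steps above (not part of the original notes): it tries the HTTPS endpoint first, falls back to scp -O, and checks the libpcap magic bytes so an HTML login page or an empty file is not mistaken for a capture. It assumes the placeholders FW, USER and CAP, an assumed CA file path in ASA_CA, and that the copy to disk0: has already been run on the ASA.

```shell
#!/bin/sh
# Pull a named ASA capture to the local machine: HTTPS endpoint first, then the
# disk0:/scp -O route. Assumed placeholders: FW (management address), USER
# (ASA admin user), CAP (capture name). Run "copy /pcap capture:<CAP>
# disk0:<CAP>" on the ASA yourself before relying on the scp fallback.

# Return 0 when the file begins with a libpcap magic number (little- or
# big-endian, microsecond or nanosecond timestamps); anything else is not a
# usable capture.
pcap_is_valid() {
    magic=$(od -A n -t x1 -N 4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Download https://<FW>/admin/capture/<CAP>/pcap, falling back to scp -O.
fetch_capture() {
    fw=$1; user=$2; cap=$3; out="$cap.pcap"
    # --cacert pins the ASA's certificate (ASA_CA is an assumed path); -f makes
    # HTTP errors fail the command instead of saving the error body to $out.
    if curl -fsS --cacert "${ASA_CA:-asa-ca.pem}" -u "$user" \
            "https://$fw/admin/capture/$cap/pcap" -o "$out" \
       && pcap_is_valid "$out"; then
        echo "fetched $out via https"
        return 0
    fi
    rm -f "$out"
    # Fallback: the capture was copied to disk0: on the ASA; -O forces the
    # legacy scp protocol that the ASA expects from OpenSSH 9 and later.
    scp -O "$user@$fw:disk0:$cap" "$out" || return 1
    pcap_is_valid "$out" || { echo "$out is not a pcap" >&2; return 1; }
    echo "fetched $out via scp; now run 'no capture $cap' and 'delete disk0:$cap' on the ASA"
}

# Usage: ./fetch_capture.sh <FW> <USER> <CAP>
if [ "$#" -eq 3 ]; then
    fetch_capture "$@"
fi
```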