Debug Packet command missing on PIX 7


I’ve been googling & searching through Cisco release notes to find out what happened to the PIX debug packet command after I upgraded from v6.3 to v7. You know, it really shouldn’t have taken that long, because the first answer on Google Groups found it :$

The message suggests using the capture command and points to the Cisco documentation: http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1910869.

The first thing that strikes me is that the command isn’t a real-time view like the old debug, but it will offer you a file that you can open in Ethereal - now that’s quite cool :cool:
To get started you need to knock up an access list to capture the traffic, something like:

access-list sniffer permit ip host 192.168.1.1 host 192.168.2.2

should do the job, then start the capture on the interface where the traffic passes:

capture testcap access-list sniffer interface inside

Before the next step you need to make sure you have ASDM installed, http server enable in your config, and an http line that allows you access. If you already use ASDM you’re already set up; die-hard ssh’ers like me need to set this up.

Once you’re happy ASDM is running you can browse to the results of your capture:

https://securityappliance-ip-address/capture/capture_name

Add a /pcap on the end if you want a version of the capture to load into Ethereal.

You can use the no syntax to stop the capture:

no capture testcap
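
An added example, not part of the original post: a Python check that reads a file saved from the /pcap URL and counts packets in each direction between the two hosts from the access list, which matters because that one-line access list only matches 192.168.1.1 to 192.168.2.2. It assumes a classic libpcap file with Ethernet framing; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Hosts taken from the post's access list (access-list sniffer ...).
HOST_A, HOST_B = "192.168.1.1", "192.168.2.2"

def directions(pcap: bytes, a: str = HOST_A, b: str = HOST_B) -> Counter:
    """Count IPv4 packets per direction between a and b in a libpcap file."""
    # The magic number tells us the byte order of all header fields.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len.
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + IPv4 header (20) and EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            seen["other"] += 1
            continue
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if (src, dst) == (a, b):
            seen["a_to_b"] += 1
        elif (src, dst) == (b, a):
            seen["b_to_a"] += 1
        else:
            seen["other"] += 1
    return seen

def sample_frame(src: str, dst: str) -> bytes:
    """Constructed sample: one pcap record holding Ethernet + bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed sample capture: global header, two packets out, one reply.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + sample_frame(HOST_A, HOST_B) * 2 + sample_frame(HOST_B, HOST_A))

if __name__ == "__main__":
    print(dict(directions(SAMPLE)))
```

A b_to_a count of zero on a real capture usually means the access list needs a second line with the two hosts reversed.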

Happy Debuggin’ !!!

nick

 

5 Responses to “Debug Packet command missing on PIX 7”

  1. pyrotech says:

    awesome, it’s almost realtime if you refresh the browser displaying the capture.

  2. [NICK] says:

    yeah, tiz very cool, especially if you use the capture file with ethereal ;)

  3. dragonfrog says:

    yes, this is adding to a very old post, but I found this useful.

    when you’ve got what you want in a capture, you can unbind the capture from the interface without deleting it

    # no capture testcap interface inside

    You may also be able to get the capture off the box without using ASDM.

    # copy /pcap capture:testcap (destination)

    The (destination) part is where the documentation and the implemented functionality part ways… Cisco’s docs say you can copy to local flash, or to http, https, ftp, or tftp servers.

    When I enter a ? at the destination part, I get offered only the options of local disk, ftp, or tftp. If I tried to copy to local disk, I got told
    “ERROR: destination file system is not remote”

    I haven’t tested how well it does at putting the capture on a remote server, or if it will actually let you upload it to an http[s] server despite not prompting you with this option…

  4. [NICK] says:

    I like that you think my posts are odd ! ….. but you’re right they’re supposed to be useful.

    Thanks for the tip, tbh most of my troubleshooting can be solved with a “show capture testcap” but it’s nice to know there are alternatives.

  5. [...] ran a packet capture and found that the phone was “bouncing” the RTP stream off the firewall rather than [...]
