Blog |Follow Nick on Twitter| About
 

I've been googling & searching through cisco release notes to find out what happened to the pix debug packet command after I upgraded from v6.3 to v7, you know it really shouldn't have taken that long because the first answer on google groups found it :\$

The message suggest using the capture command and points to the cisco documentation : http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/c.htm#wp1910869.

The first thing that strikes me is that the command isn't a real time view like the old debug, but it will offer you a file that you can open in ethereal - now that's quite cool :cool:
To get started you need to knock up an access list to capture the traffic, something like:

access-list sniffer permit ip host 192.168.1.1 host 192.168.2.2

should do the job, then start the capture on the interface where the traffic passes:

capture testcap access-list sniffer interface inside

before the next step you need to make sure you have the ADSM installed, and http server enable in your config, and a http line that allows you access, if you already use the ADSM you're already set up, die hard ssh'ers like me need to set this up.

Once you're happy adsm is running you can now browse to the results of you cap

https://securityappliance-ip-address/capture/capture\_name

add a /pcap on the end if you want a version of the capture to load into ethereal.

You can use the no syntax to stop the capture

no capture testcap

Happy Debuggin' !!!

rgds,

Nick

 
Nick Bettison ©