Home / Articles / ASA-PIX / PIX Packet Capture

PIX Packet Capture

There are times when you need to capture traffic on a PIX firewall. Here is how it can be accomplished:

Create an ACL

Access-list noynim permit ip any any

You can get more granular on your ACL if you need to, the above ACL looks for everything

Capture noynimcap access-list noynim interface inside

If you need to monitor different interfaces change the interface to whatever (ie outside, dmz)

Once you are done, you can view the sniff by issuing the following command:

show capture noynim cap

I usually like to to this capture and analyze it using wireshark or tcpdump so you can offload it to your tfp server by issuing the following command:

copy /pcap capture:noynimcap tftp://1.1.1.1

Make sure to change 1.1.1.1 to your tfp server.

Share


Comment on PIX Packet Capture

Leave a Reply






Contact Us