PIX Packet Capture
There are times when you need to capture traffic on a PIX firewall. Here is how it can be accomplished:
Create an ACL
access-list noynim permit ip any any
You can make the ACL more granular if you need to; the ACL above matches everything.
capture noynimcap access-list noynim interface inside
If you need to monitor a different interface, change the interface name accordingly (e.g. outside, dmz).
Once you are done, you can view the sniff by issuing the following command:
show capture noynimcap
I usually like to take this capture and analyze it using Wireshark or tcpdump, so you can offload it to your TFTP server by issuing the following command:
copy /pcap capture:noynimcap tftp://1.1.1.1
Make sure to change 1.1.1.1 to your TFTP server.
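The same procedure with a more granular ACL, as an added example that is not part of the original post. The host addresses (10.1.1.10, 192.0.2.80), the port and the file name noynimcap.pcap are constructed for illustration; the ACL and capture names and the TFTP address are the ones used above.

```cisco
! Constructed scenario: watch HTTP between inside host 10.1.1.10
! and remote server 192.0.2.80 instead of capturing everything.
!
! The capture ACL is matched against each packet as it is seen on the
! interface, so one entry is needed per direction to get both sides
! of the conversation.
access-list noynim permit tcp host 10.1.1.10 host 192.0.2.80 eq 80
access-list noynim permit tcp host 192.0.2.80 eq 80 host 10.1.1.10
!
! On the inside interface the inside host appears with its real address.
! A capture on the outside interface would have to match the translated
! address instead if NAT is in use.
capture noynimcap access-list noynim interface inside
!
! Reproduce the traffic, then check that packets were captured.
show capture noynimcap
!
! Offload in pcap format (file name is an assumption for this example).
copy /pcap capture:noynimcap tftp://1.1.1.1/noynimcap.pcap
!
! Clean up: stop the capture and free its buffer, then remove the ACL.
no capture noynimcap
clear configure access-list noynim
```

Removing the capture when you are done matters because it keeps running and holding its buffer until it is deleted.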