Packet capture in ASA/PIX using CLI


Complete these steps in order to configure packet capture in ASA/PIX using the CLI:

1. Configure the inside and outside interfaces as shown in the network diagram, with their IP addresses and
   security levels.

2. Configure the access-lists asdm_cap_selector_inside and asdm_cap_selector_outside to select the packets
   that travel from the inside network to the outside network and from the outside network to the inside
   network:

   access-list asdm_cap_selector_inside extended permit ip host 10.20.10.2 host 172.16.1.2
   access-list asdm_cap_selector_inside extended permit ip host 172.16.1.2 host 10.20.10.2
   access-list asdm_cap_selector_outside extended permit ip host 172.16.1.2 host 10.20.10.2
   access-list asdm_cap_selector_outside extended permit ip host 10.20.10.2 host 172.16.1.2

3. Start the packet capture process with the capture command in privileged EXEC mode. The capture
   command must be issued after the access-lists have been configured as shown in the ASA
   configuration. In this configuration example, a capture named capin is defined, bound to the inside
   interface, and restricted to packets that match the access-list asdm_cap_selector_inside:

   ASA#capture capin interface inside access-list asdm_cap_selector_inside

   Similarly, a capture named capout is defined, bound to the outside interface, and restricted to
   packets that match the access-list asdm_cap_selector_outside:

   ASA#capture capout interface outside access-list asdm_cap_selector_outside

   The ASA now starts capturing the traffic flow between the interfaces. To stop a capture at any time,
   use the no capture command followed by the capture name.
Viewing the Captured Packets on the ASA

To view the captured packets, use the show capture command followed by the capture name. These are
the show command outputs of the capture buffer contents.

The show capture capin command shows the contents of the capture buffer named capin.
ASA#show capture capin
20 packets captured
1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
3: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
4: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
5: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
6: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
7: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
8: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
9: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
10: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
11: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request
12: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply
13: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request
14: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply
15: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
16: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply
17: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
18: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply
19: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
20: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply
20 packets shown
ASA#
The show capture capout command shows the contents of the capture buffer
named capout.
ASA#show capture capout
20 packets captured
1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
3: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
4: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
5: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
6: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
7: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
8: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
9: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
10: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
11: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request
12: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply
13: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request
14: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply
15: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
16: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply
17: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
18: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply
19: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
20: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply
20 packets shown
ASA#
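As an added example that is not part of the original document (and not a Cisco tool), the following Python script parses the show capture output format shown above and compares the capin and capout buffers flow by flow, so that a packet seen on one interface but not on the other points at where it was dropped. The two sample buffers embedded in it are constructed for the example.

```python
import re
from collections import Counter

# One packet line of ASA "show capture <name>" output, in the format shown above:
#   <n>: <hh:mm:ss.usec> <src> > <dst>: <proto>: <details>
LINE_RE = re.compile(
    r"^\s*(\d+):\s+(\d{2}:\d{2}:\d{2}\.\d+)\s+([\d.]+)\s+>\s+([\d.]+):\s+(\w+):\s+(.*)$"
)

def parse_show_capture(text):
    """Parse show capture output into (src, dst, proto, info) tuples; header, footer and prompt lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            _num, _ts, src, dst, proto, info = m.groups()
            flows.append((src, dst, proto, info.strip()))
    return flows

def compare_captures(capin_text, capout_text):
    """Return {flow: inside_count - outside_count} for every flow whose packet count differs.
    A negative value means packets were seen on the outside interface but never on the
    inside one (positive: the reverse), which places the drop on the ASA itself."""
    cin = Counter(parse_show_capture(capin_text))
    cout = Counter(parse_show_capture(capout_text))
    return {f: cin[f] - cout[f] for f in set(cin) | set(cout) if cin[f] != cout[f]}

# Constructed sample buffers: all three echo replies arrive on the outside
# interface, but only one of them is seen leaving on the inside interface.
CAPIN = """4 packets captured
1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
3: 01:49:25.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
4: 01:49:26.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
4 packets shown
ASA#"""
CAPOUT = """6 packets captured
1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
3: 01:49:25.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
4: 01:49:25.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
5: 01:49:26.087474 10.20.10.2 > 172.16.1.2: icmp: echo request
6: 01:49:26.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply
6 packets shown
ASA#"""

if __name__ == "__main__":
    for (src, dst, proto, info), delta in compare_captures(CAPIN, CAPOUT).items():
        print(f"{src} > {dst} {proto} {info}: inside minus outside = {delta:+d}")
```

Paste the two show capture outputs from the ASA into CAPIN and CAPOUT to run it against a real capture pair.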