Cisco uses a different way to run and save packet captures on its ASA firewall than a popular Linux tcpdump/Wireshark tools. Below is a quick guide to capture and then copy out a pcap file from the firewall for offline analysis.

Setting up your Packet Capture

The basic syntax is:

#capture <Name for capture> type raw-data match ip  <source IP/Network> <Network Mask> <destination IP/Network> <Network MAsk>

#capture <Name for capture> packet-length 1522 buffer 524288

#capture <Name for capture> interface <Name of interface to capture on>

PaulBens World

Random Tech Photos Projects and Randomness of My Mind

Tag Archives: pcap

How to perform a pcap packet capture and copy the file off of a Cisco ASA

Setting up your Packet Capture

Continue reading →