Capture and view traffic on Cisco routers and firewalls

by Ras 11. November 2011 18:54

You can capture (sniff) traffic directly on Cisco routers and firewalls when required. This is a good way to troubleshoot a connection, because you can watch the communication and the handshakes as the device sees them.

 

Capture traffic on Cisco ASA firewalls:
On Cisco ASA firewalls you can capture data for specific traffic.

1- Create the capture on the required interface. You can specify the traffic to match in the capture command itself, or you can set up an ACL and reference it in the capture command.

 ASA# capture cap1 interface outside match tcp any host 192.168.1.1 eq telnet
 ASA# capture cap2 interface inside match tcp any host 192.168.1.1 eq telnet
 ASA# capture cap3 interface outside access-list acl1

2- Verify created capture

 ASA# show capture

3- View the traffic

 ASA# show capture cap1
 ASA# show capture cap2


 

Capture traffic on Cisco routers:
On routers, creating and using captures is slightly different.

1- Create the capture buffer and set its size

Router# monitor capture buffer buf1 size 512 max-size 512 circular

2- Create the capture point and specify the interface and traffic direction (in/out/both)

Router# monitor capture point ip cef cap1 gigabitethernet0/1 both

3- Associate the buffer with the capture point

Router# monitor capture point associate cap1 buf1

4- Start the capture

Router# monitor capture point start cap1

5- Stop the capture when you are done

Router# monitor capture point stop cap1

6- View the captured data

Router# show monitor capture buffer buf1 dump

7- You can also export the captured data to a file and view it with a sniffer program like Wireshark

Router# monitor capture buffer buf1 export tftp://192.168.1.10/buff1.pcap
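
To check the handshakes in an exported capture without opening Wireshark, the following added example (not part of the original post) reads a pcap file and reports how far each TCP session to the telnet host got. It assumes the exported file is a classic little-endian pcap with Ethernet framing; the function names, client addresses and sample traffic are constructed for illustration.

```python
import struct
TARGET = ("192.168.1.1", 23)  # host and telnet port from the capture match on this page

def tcp_frame(src, dst, sport, dport, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (no payload, checksums zero)."""
    ip = lambda a: bytes(int(o) for o in a.split("."))
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip(src), ip(dst))
    tcph = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + iph + tcph

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

def handshake_report(pcap, target=TARGET):
    """Return {(client_ip, client_port): state} for TCP sessions to target."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap file")
    state, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # truncated, or not IPv4 carrying TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4  # TCP header starts after the IP header
        if len(pkt) < tcp + 14:
            continue
        src, dst = (".".join(map(str, pkt[a:a + 4])) for a in (26, 30))
        sport, dport = struct.unpack("!HH", pkt[tcp:tcp + 4])
        syn, ack, rst = (pkt[tcp + 13] & m for m in (0x02, 0x10, 0x04))
        if (dst, dport) == target:  # client to server
            if syn and not ack:
                state.setdefault((src, sport), "SYN sent, no reply")
            elif ack and state.get((src, sport)) == "SYN-ACK seen":
                state[(src, sport)] = "established"
        elif (src, sport) == target and (dst, dport) in state:  # server to client
            if rst:
                state[(dst, dport)] = "reset (RST)"
            elif syn and ack:
                state[(dst, dport)] = "SYN-ACK seen"
    return state

SAMPLE = build_pcap([tcp_frame(*f) for f in (  # constructed traffic, not a real capture
    ("10.0.0.5", TARGET[0], 40000, 23, 0x02), (TARGET[0], "10.0.0.5", 23, 40000, 0x12),
    ("10.0.0.5", TARGET[0], 40000, 23, 0x10), ("10.0.0.6", TARGET[0], 40001, 23, 0x02),
    ("10.0.0.7", TARGET[0], 40002, 23, 0x02), (TARGET[0], "10.0.0.7", 23, 40002, 0x14))])
```

On a real export, pass the file contents instead of SAMPLE, for example handshake_report(open("buff1.pcap", "rb").read()).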

 

About the author

Ras is a network/security professional working in multiple areas, with multiple certificates such as CCNP, CCIP, CCSP, CCSA, CCSE, LPI, PM, IPv6, ..
