I never knew you could get tcpdump-format files from a Cisco ASA. Very cool!
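The capture process is the same, but stop the capture with the command "no capture $CAPNAME interface $INTERFACE" instead of "no capture $CAPNAME". The interface form detaches the capture from the interface but keeps the captured packets, whereas the short form deletes the capture. Then browse to the ASA's web server, where the file is available at "http://$FIREWALL/capture/$CAPNAME/pcap"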
Download it, and you can open it with tcpdump, Wireshark, or whatever packet capture viewer you prefer.
It doesn't look like there's a way to TFTP it rather than turning on the ASA's HTTP server for the duration of the download.
About Me
- regis
- Regis has worked as a network engineer since 1994 for small companies and for large companies.