Wednesday, January 15, 2025
Latest:

Configuring Packet Capture or PCAP Cisco ASA Firewalls – ASDM

edledge
edledge Cisco logo
Views: 274

Scenario:
Make: Cisco
Model: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, Cisco ASA 5500 Series
Mode: GUI [ASDM]
Version: ASA version 9.x or later & ASDM version 7.x or later.
Description: In this article, we will discuss the stepwise method of how to do packet capture or get PCAP on Cisco ASA Firewalls via ASDM or GUI. We can do the PCAP or capture packets on Cisco ASA via CLI or SSH as well.

Introduction

The packet capture process is useful to troubleshoot connectivity problems or monitor suspicious activity. In addition, it is possible to create multiple captures in order to analyze different types of traffic on multiple interfaces.

Here considering we are looking to capture packets from the client on an inside interface with IP – 192.168.1.11 to outside 101.202.303.404

Configure Packet Capture with the GUI or ASDM

Step1Login
Login onto the Cisco ASA via ASDM using username and password.

ASA ASDM Login

Step2: Packet Capture Wizard
Click “Wizards” and then click on “Packet Capture Wizard“, follow the steps as shown below in the image.

cisco_asa_packet_capture_wizard

Step3: Click Next
The first page is the details of how to do it, click “Next” to proceed further.

cisco_asa_pcap_step

Step4: Point of Ingress
Select the ingress interface and source/destination IP address and the protocol we want to capture. Follow the steps as shown below in the image.

cisco_asa_pcap_ingress

Step5: Point of Egress
Select the Egress interface, subnets and protocols. You could leave this as it is unless you want to capture packets in both directions.

cisco_asa_pcap_egress

Step6: Buffers & Captures
Leave this page on default settings and click “Next” or Make changes as per your requirement and then click “Next” to proceed.

cisco_asa_pcap_buffer

Step7: Summary
Review the packet capture settings and click “Next” to proceed further.

cisco_asa_pcap_summary

Step8: Run Capture
Click “Start” to start the packet capture as shown below in the image.

cisco_asa_pcap_start

Step9: Capture Buffer
Click “Capture Buffer” and it will show the captured packets.

cisco_asa_pcap_capture_packets

Step10: Save Capture
You could save the capture for analysis. Follow the steps shown below.

cisco_asa_save_pcap

Step11: Save Ingress & Egress
Save the Ingress & Egress packets for future analysis.

cisco_asa_pcap_packets

Finally, click “Finish” to end the packet capture and close the wizard.

Other Important Topics on ASA

Quiz_01

1 / 5

Does Cisco ASA supports PPPoE link?

2 / 5

How many interfaces in Cisco ASA can have same route map?

3 / 5

What are the two types of packet capture in Cisco ASA?

4 / 5

How many 10 Gig ports are available in Cisco 5508-X ASA?

5 / 5

What is the default buffer size of Cisco ASA PCAP?

Your score is

The average score is 50%

0%

SourceKnowledge Base, InternetCisco

EA00141

Leave a Reply

Your email address will not be published. Required fields are marked *