!! Configuring the captures
!! Method 1 - ACL Capture
  access-list ryan permit ip host <source> host <dst>
  capture ryan-inside access-list ryan int <int>
  show capture ryan-inside

!! Method 2 - Match Capture (This is bidirectional)
  capture ryan-inside interface <int> match ip host <src ip> dest <dest ip>
  sh cap ryan-inside

!! Obtaining capture as PCAP file
!! 1.) Method 1 - Copying to another location
  copy /pcap capture:/<capture-name> <destination>

!! Example:
  copy /pcap capture:/mycap ftp://1.1.1.1/incoming/mycap.pcap

!! 2.) Method 2 - Downloading from the firewall
 Visit in Browser: https://<FW-IP>/admin/capture/<capture_name>/pcap

!! Example:
  Visit in Browser: https://1.1.1.1/admin/capture/mycap/pcap

Notes:

  • To download the PCAP, ensure you are connecting on the same port as ASDM is configured ('show run http')

Documentation

Next Post Previous Post