Re: How to capture dropped packet in ftd firewalll

ShareefKooliyodan0444 · ‎04-16-2024

Hello

could you please share the solution for showing dropped packet from internet to inside lan ?
i have FTD 4100 series managed by fmc

I want to see output from cli or fmc related to nat transactions packet(dropped and passed) both.

MHM Cisco World · ‎04-16-2024

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html

Check this

MHM

Aref Alsouqi · ‎04-16-2024

If you do the capture from Lina engine by typing "system support diagnostic-cli" from the > line in the FTD, then you can set the capture as you would do it on the ASA adding the "asp-drop" keyword to the command similar to this:

capture CAP type asp-drop < select the ASP drop type >

ShareefKooliyodan0444 · ‎04-17-2024

Hello.

below command is worked to capture dropped packed .

> capture asp type asp-drop all match ip any host xx.xxx.xx.xx
>show capture asp

thank you for you support .

Aref Alsouqi · ‎04-18-2024

That works as well : - D.

MHM Cisco World · ‎04-18-2024

Asp-drop all'

This will not give anything.

This steps is last one in troubleshooting'

First try packet-tracer

If you see the result of packet tracer is drop for example route' the you can use capture asp-drop type route.

Do packet-tracer as I mention above

See in which phase the packet is drop

Share here if ypu want

MHM

tvotna · ‎04-18-2024

@MHM Cisco World, FYI, NAT is a function of Lina, so "capture type asp-drop" will do exactly what the user was ask ing about, i.e. show packets dropped by NAT. Of course, specific NAT-related drop codes can be specified in the command to narrow it down.