Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
5
Helpful
2
Replies

PCAP ON ASA - Capture in both directions?

GRANT3779
Spotlight
Spotlight

‎06-23-2016 07:48 AM - edited ‎03-12-2019 12:56 AM

Hi,

Running a pcap on ASA. If I have the folowing as an example -

capture CAP_Voice_LAN access-list ACL_Voice buffer 33554432 interface LAN circular-buffer

Will this capture packets in both directions? Entering the LAN interface and Leaving the LAN Interface or is unidirectional?

Thanks

Labels:
0 Helpful
2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎06-23-2016 09:04 AM

Hi,

It depends on the access-list you link with the capture.

We need to define traffic bi-directionally.

access-list test permit ip host 1.1.1.1 host 2.2.2.2

access-list test permit ip host 2.2.2.2 host 1.1.1.1

This ACL would ensure that traffic is captured in both the directions.

capture CAP_Voice_LAN access-list test buffer 33554432 interface LAN circular-buffer

Regards,

Aditya

Please rate helpful posts and mark correct answers.

johnlloyd_13
Level 9
Level 9

‎06-23-2016 08:11 PM

per my notes here:

By default, all packets moving through all ASA interfaces are captured. You should try to narrow the scope of the captured packets as much as possible so that only packets of interests are captured. You canspecify the ASA interface name where the capture should take place.

see also this helpful link:

http://ccnpsecuritywannabe.blogspot.com/2014/01/using-packet-capture-on-asa.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card