1-3
Cisco ASA Series CLI Configuration Guide
Chapter 1 Troubleshooting
Capturing Packets
Command
Purpose
cluster exec
]
capture
capture_name
[
type
{
asp-drop all
[
drop-code
] |
tls-proxy
|
raw-data
|
lacp |
isakmp [ikev1 | ikev2] | decrypted
| webvpn
user
webvpn-user
[
url
url]
}] [
capture
]
[
access-list
access_list_name
]
[
buffer
buf_size
] [
ethernet-type
type
] [
interface
interface_name
]
[
reinject-hide
] [
packet-length
bytes
] [
circular-buffer
] [
trace
trace_count
] [
real-time
] [
trace
]
[
match
prot
{
host
source
-
ip
|
source
-
ip mask
|
any
}{
host
destination
-
ip
|
destination-ip mask
|
any
} [
operator
port
]
Example:
hostname#
capture captest
interface inside
Enables packet capture capabilities for packet sniffing and network fault isolation.
The
access-list
access_list_name
keyword argument pair captures traffic that
matches an access list. In multiple context mode, this is only available within a
context. The
any
keyword
specifies any IP address instead of a single IP address
and mask. The
all
keyword captures all the packets that the ASA drops. The
asp-drop
[
drop-code
] keyword argument pair captures packets dropped by the
accelerated security path. The
drop-code
specifies the type of traffic that is dropped
by the accelerated security path. See the
show asp drop frame
command for a list
of drop codes. If you do not enter the
drop-code
argument, then all dropped packets
are captured. You can enter this keyword with the
packet-length
,
circular-buffer
,
and
buffer
keywords, but not with the
interface
or
ethernet-type
keyword. In a
cluster, dropped forwarded data packets from one unit to another are also captured.
In multiple context mode, when this option is issued in system context, all dropped
data packets are captured; when this option is issued in a user context, only dropped
data packets that enter from interfaces belonging to the user context are captured.
The
buffer
buf_size
keyword argument pair defines the buffer size used to store the
packet in bytes. When the byte buffer is full, packet capture stops. When used in a
cluster, this is the per-unit size, not the sum of all units. The
capture_name
argument specifies the name of the packet capture. Use the same name on multiple
capture
statements to capture multiple types of traffic. When you view the capture
configuration using the
show capture
command, all options are combined on one
line. The
circular-buffer
keyword
overwrites the buffer, starting from the
beginning, when the buffer is full. The
cluster exec
keyword is used only in a
clustering deployment as a wrapper CLI prefix, can be used with the
capture
and
show capture
commands, and enables you to issue the
capture
command in one
unit and run the command in all the other units at the same time. The
decrypted
keyword enables decrypted TCP data to be encapsulated with L2-L4 headers, then
captured by the capture engine. The
ethernet-type
type
keyword argument pair
selects an Ethernet type to capture. Supported Ethernet types include 8021Q, ARP,
IP, IP6, IPX, LACP, PPPOED, PPPOES, RARP, and VLAN. An exception occurs
with the 802.1Q or VLAN type. The 802.1Q tag is automatically skipped and the
inner Ethernet type is used for matching. The
host
ip
keyword argument pair
specifies the single IP address of the host to which the packet is being sent. The
interface
interface_name
keyword argument pair sets the name of the interface on
which to use packet capture. You must configure an interface for any packets to be
captured. You can configure multiple interfaces using multiple
capture
commands
with the same name. To capture packets on the dataplane of an ASA, you can use
the
interface
keyword with “asa_dataplane” as the interface name.You can specify
“cluster” as the interface name to capture the traffic on the cluster control link
interface. The interface names "cluster" and "asa-dataplane" are fixed and not
configurable. If the type
lacp
capture is configured, the interface name is the
physical name. The
isakmp
keyword
captures ISAKMP traffic. This is not available
in multiple context mode. The ISAKMP subsystem does not have access to the
upper layer protocols. The capture is a pseudo capture, with the physical, IP, and
UDP layers combined together to satisfy a PCAP parser. The peer addresses are
obtained from the SA exchange and are stored in the IP layer. Use the
ikev1
or
ikev2
keywords to capture only IKEv1 or IKEv2 protocol information. The
lacp
keyword
captures LACP traffic. If configured, the interface name is the physical interface
name. The
trace
,
match
, and
access-list
keywords cannot be used together with the
lacp
keyword.
Содержание 5505 - ASA Firewall Edition Bundle
Страница 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Страница 61: ...P A R T 1 Getting Started with the ASA ...
Страница 62: ......
Страница 218: ...1 56 Cisco ASA Series CLI Configuration Guide Chapter 1 Managing Feature Licenses Feature History for Licensing ...
Страница 219: ...P A R T 2 Configuring High Availability and Scalability ...
Страница 220: ......
Страница 358: ...1 22 Cisco ASA Series CLI Configuration Guide Chapter 1 Information About Failover Failover Messages ...
Страница 403: ...P A R T 2 Configuring Interfaces ...
Страница 404: ......
Страница 499: ...P A R T 2 Configuring Basic Settings ...
Страница 500: ......
Страница 516: ...1 16 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Basic Settings Monitoring DNS Cache ...
Страница 533: ...P A R T 2 Configuring Objects and Access Lists ...
Страница 534: ......
Страница 558: ...1 4 Cisco ASA Series CLI Configuration Guide Chapter 1 Information About Access Lists Where to Go Next ...
Страница 601: ...P A R T 2 Configuring IP Routing ...
Страница 602: ......
Страница 632: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Defining Route Maps Feature History for Route Maps ...
Страница 680: ...1 48 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring OSPF Feature History for OSPF ...
Страница 745: ...P A R T 2 Configuring Network Address Translation ...
Страница 746: ......
Страница 780: ...1 34 Cisco ASA Series CLI Configuration Guide Chapter 1 Information About NAT Where to Go Next ...
Страница 844: ...1 32 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Twice NAT Feature History for Twice NAT ...
Страница 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Страница 846: ......
Страница 859: ...1 13 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring AAA Servers and the Local Database Configuring AAA ...
Страница 871: ...1 25 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring AAA Servers and the Local Database Configuring AAA ...
Страница 981: ...P A R T 2 Configuring Access Control ...
Страница 982: ......
Страница 994: ...1 12 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Access Rules Feature History for Access Rules ...
Страница 1028: ...1 34 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Management Access Feature History for Management Access ...
Страница 1054: ...1 26 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring AAA Rules for Network Access Feature History for AAA Rules ...
Страница 1060: ...1 6 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Web Cache Services Using WCCP Feature History for WCCP ...
Страница 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Страница 1062: ......
Страница 1093: ...P A R T 2 Configuring Application Inspection ...
Страница 1094: ......
Страница 1191: ...P A R T 2 Configuring Unified Communications ...
Страница 1192: ......
Страница 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Страница 1334: ......
Страница 1370: ...1 20 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring QoS Feature History for QoS ...
Страница 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Страница 1380: ......
Страница 1448: ...1 20 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Threat Detection Configuration Examples for Threat Detection ...
Страница 1474: ...1 18 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Filtering Services Monitoring Filtering Statistics ...
Страница 1475: ...P A R T 2 Configuring Modules ...
Страница 1476: ......
Страница 1504: ...1 28 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring the ASA IPS Module Feature History for the ASA IPS module ...
Страница 1528: ...1 24 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring the ASA CX Module Feature History for the ASA CX Module ...
Страница 1548: ...1 20 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring the ASA CSC Module Feature History for the CSC SSM ...
Страница 1549: ...P A R T 2 Configuring VPN ...
Страница 1550: ......
Страница 1592: ...1 42 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring IPsec and ISAKMP Supporting the Nokia VPN Client ...
Страница 1612: ...1 20 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring L2TP over IPsec Feature History for L2TP over IPsec ...
Страница 1796: ...1 6 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring the PPPoE Client Using Related Commands ...
Страница 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Страница 1966: ......
Страница 1988: ...1 22 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring Logging Feature History for Logging ...
Страница 2002: ...1 14 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring NetFlow Secure Event Logging NSEL Feature History for NSEL ...
Страница 2036: ...1 34 Cisco ASA Series CLI Configuration Guide Chapter 1 Configuring SNMP Feature History for SNMP ...
Страница 2059: ...P A R T 2 System Administration ...
Страница 2060: ......
Страница 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Страница 2099: ...P A R T 2 Reference ...
Страница 2100: ......