Saturday 30 July 2016

Capture traffic from Cisco ASA command line

Commands

ASA#capture <capname> interface <interface> match ip Source Destination

ASA#capture captureinside interface inside match ip host 192.168.1.1 host 192.168.2.1

View the capture file with following command

ASA#show capture <capname>

If you want the same to be opened in wireshark or require it as a file

https://<ip address of asa>/capture/<capname>/pcap from the browser, it will be downloaded to the local machine