Filter
Top Products
69-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 69 Using External Monitoring, Troubleshooting, and Diagnostic Tools
Using the Packet Capture Wizard
The Packet Capture Wizard also supports packet captures on ASA clusters. If you run the Packet Capture
Wizard on the master unit of an ASA cluster, you are given the option of capturing data for just the
selected device or all devices in the cluster. After running the capture for a cluster, you can view
summary information for the cluster and also view or download capture buffers for specific devices in
the cluster.
Note If the cluster master has changed, it should be updated in Security Manager before running the Packet
Capture Wizard. If not, capture for cluster members will contain errors. You can update the cluster
master for a cluster using the Retrieve From Device button on the Device Properties > Cluster
Information page. For more information, see Cluster Information Page, page 3-48.
The captures can be run using pre-configured access-lists or using match criteria of packet parameters
such as source, destination address/port on one or more interfaces.
Please note the following:
• You can only use the Packet Capture Wizard on firewall devices (PIX, ASA, or FWSM).
• Packet capture based on packet match criteria is only supported on devices running ASA version
7.2(3) or later. For other devices, packet capture can only be performed based on access-lists.
To use the Packet Capture Wizard:
Step 1 Launch the Packet Capture Wizard using one of the following methods:
• Select Tools > Packet Capture Wizard.
• (Device view) Right-click on an ASA, PIX, or FWSM device and select Packet Capture on the
shortcut menu. Proceed to Step 3.
• (Event Viewer) Right-click on an event from an ASA, PIX, or FWSM device and select Packet
Capture on the shortcut menu. Proceed to Step 3.
Step 2 If you launched the Packet Capture Wizard from the Tools menu, select the device on which you want
to capture packets. The Security Devices list contains only devices on which packet capture can be run.
Step 3 If you selected a device that is the master unit of an ASA cluster, specify whether to run the capture for
the selected device only or for the entire cluster, and then click Next.
Step 4 Select the ingress interface from the drop-down list.
Note You cannot select the same interface as ingress and egress in the same wizard.
Step 5 In the Packet Match Criteria area, do one of the following:
• To specify the access list to use for matching packets, select the Access-List radio button, and then
choose the access list from the drop-down list.
• To specify packet parameters, select the Packet Parameters radio button and complete the
following fields:
–
Specify the source and destination in the Source Host / Network and Destination Host / Network
fields, respectively. You can use any of the following to specify the source or destination:
–
Network/host object. Enter the name of the object or click Select to select it from a list. You can
also create new network/host objects from the selection list.
–
Host IP address, for example, 10.10.10.100.