|
Using Wireshark with an ASA |
|
Written by Paul Stewart
|
|
Wednesday, 20 August 2008 |
|
|
Packet captures can often give us immediate insight into potential trouble spots on our networks. One of the biggest issues I find is having to get up from my desk, and possibly get in my car in order to get physically connected where I need to pull the packets from. One key place that we often need to look at packets is at the firewall. I have for some time knew about some of the capturing capabilities of the Cisco ASA. In the later code and ASDM (ASA Device Manager), this has become really user friendly.
After opening the ASDM, the firewall administrator can specify the local path to Wireshark, Ethereal, or anything else that can open a .cap file. To start a capture, simply go to the “Wizards” then “Packet Capture Wizard”. Next select the ingress and egress interface as well as the type of traffic that you desire to capture. Click the start button. The packets will scroll down the window of the ASDM. This is only a text view of the packets. Decide if you would like to view the packets from the ingress interface or the egress interface. From here you can grab the current packets and launch the packet sniffer application. If more traffic comes in, you may want to re-launch the Wireshark or the like to refresh its data. I have found this to be a great time saver and a great way to get the packets you need regardless of your physical location. If you like this article please share it with a friend.
|
