Using Wireshark with an ASA

Packet captures can often give us immediate insight into potential trouble spots on our networks.  One of the biggest issues I find is having to get up from my desk, and possibly get in my car, in order to get physically connected where I need to pull the packets from.  One key place where we often need to look at packets is the firewall.  I have known for some time about the capture capabilities of the Cisco ASA, and in later code and ASDM (Adaptive Security Device Manager) this has become really user friendly.

After opening ASDM, the firewall administrator can specify the local path to Wireshark, Ethereal, or anything else that can open a .cap file.  To start a capture, go to “Wizards” and then “Packet Capture Wizard”.  Next, select the ingress and egress interfaces as well as the type of traffic you want to capture, then click the start button.  Be as specific as you can about the traffic: the ASA holds the capture in a fixed-size buffer (512 KB by default), so a broad match fills it quickly and the capture stops unless a circular buffer is selected.  The packets will scroll down the ASDM window, but this is only a text view of the packets.  Decide whether you want to view the packets from the ingress interface or from the egress interface.

From here you can save the current packets and launch the packet sniffer application.  The file you open is a snapshot of the ASA's buffer at the moment you saved it, so if more traffic comes in, save again and relaunch Wireshark (or your tool of choice) to refresh its data.  I have found this to be a great time saver and a great way to get the packets you need regardless of your physical location.
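The same capture can be pulled into Wireshark without ASDM at all, which is handy when you only have a terminal.  The ASA CLI defines a capture with `capture <name> interface <if> match ...`, shows it with `show capture <name>`, and removes it with `no capture <name>`; the running buffer is also served over management HTTPS at `https://<asa>/admin/capture/<name>/pcap`.  The script below is an added example, not code from the original post or from Cisco.  It assumes a capture named cap_in already exists on the ASA, that HTTPS management is enabled, that the ASA_USER environment variable holds a management username (curl prompts for the password so it never appears in the process list), and that the ASA's certificate has been exported to the path in ASA_CACERT.  Before opening the download in a dissector it checks the file magic, so an HTML login page returned on an unauthenticated session is not fed to Wireshark as if it were a capture.

```shell
#!/bin/sh
# Added example (not from the original post or from Cisco): fetch a running
# ASA capture over management HTTPS and open it in Wireshark.
#
# Assumptions (illustrative):
#   - A capture exists on the ASA, e.g.
#       capture cap_in interface inside match tcp any host 10.1.1.10 eq 80
#   - The ASA serves it at https://<asa>/admin/capture/<name>/pcap
#   - ASA_USER holds a management username; curl prompts for the password
#     (or use curl -n with a ~/.netrc entry).
#   - ASA_CACERT points at the ASA's exported certificate.

asa_capture_url() {
    # $1 = ASA management address, $2 = capture name
    printf 'https://%s/admin/capture/%s/pcap\n' "$1" "$2"
}

is_pcap() {
    # Return 0 only if $1 starts with a pcap or pcapng magic number, so that
    # an HTML error or login page is never handed to a dissector.
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $magic in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # classic pcap, little/big endian
        4d3cb2a1|a1b23c4d) return 0 ;;   # pcap with nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

pull_capture() {
    # $1 = ASA address, $2 = capture name, $3 = output file (optional)
    asa=$1; name=$2; out=${3:-$name.pcap}
    url=$(asa_capture_url "$asa" "$name")
    # --cacert pins the ASA's certificate; use --insecure only while testing
    # against a self-signed certificate you have not yet exported.
    curl --fail --silent --show-error \
         --cacert "${ASA_CACERT:-asa-mgmt.crt}" \
         -u "${ASA_USER:?set ASA_USER to a management username}" \
         -o "$out" "$url" || return 1
    is_pcap "$out" || { echo "$out is not a capture file" >&2; return 1; }
    # The file is a snapshot of the ASA buffer; re-run to refresh it.
    wireshark "$out" &
}

# Usage: ASA_USER=admin ASA_CACERT=asa.crt ./asa-pull.sh 192.0.2.1 cap_in
if [ "$#" -ge 2 ]; then
    pull_capture "$@"
fi
```

If you prefer not to expose the capture over HTTPS, `copy /pcap capture:cap_in tftp://<server>/cap_in.pcap` on the ASA writes the same pcap file to a TFTP server, and the `is_pcap` check above is still worth running on whatever lands on disk.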


About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.

One Response to Using Wireshark with an ASA

  1. Pingback: ASA’s “show conn” Command for TCP Troubleshooting | eiccsolutions
