- execute show commands
- debug
- monitor logs (syslog, show log, grep, ...)
- or, on occasion, we do a packet capture
In my day-to-day duties, I'm typically doing any or all of the four above when troubleshooting issues.
On the ASA with the newer code, it's very simple to conduct packet diagnostics. I will walk you through a typical packet capture episode.
1: Build an access-list to match on just the traffic of interest
(Very important if you have a busy link: don't try to capture all traffic, or you might miss the traffic of interest and waste memory space and time. Use an ACL.)
!!! BE AS SPECIFIC AS POSSIBLE in your ACL !!!
e.g.
access-list myacl standard permit 10.10.10.10 255.255.255.255
Will capture traffic for that host only.
2: Specify a capture name
3: Monitor active captures with the "show cap" command
4: Delete any access-list and capture at the conclusion of the troubleshooting event.
Here are a few screenshots of a capture on an ASA.
( validating my ACL and then applying the capture )
( removing captures )
( capture based on ethernet frame type no ip )
( copying a capture to disk0 for later downloading )
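The four steps above and the operations named in the screenshot captions, written out as one ASA CLI sequence. This is an added example, not the author's own session: the names cap-acl, mycap and arpcap, the interface name inside, and the file name mycap.pcap are assumptions, and it uses an extended ACL with one line per direction.

```cisco
! Added example; cap-acl, mycap, arpcap and interface "inside" are assumed names.
! 1: ACL matching only the host of interest, one line per direction
access-list cap-acl extended permit ip host 10.10.10.10 any
access-list cap-acl extended permit ip any host 10.10.10.10
! Validate the ACL before applying it to a capture
show access-list cap-acl
! 2: Named capture bound to the ACL and a single interface
capture mycap access-list cap-acl interface inside
! Capture by ethernet frame type instead of an IP ACL (ARP in this case)
capture arpcap ethernet-type arp interface inside
! 3: List active captures, then view the packets held in one of them
show capture
show capture mycap
! Save the capture in pcap format to disk0 for later download
copy /pcap capture:mycap disk0:/mycap.pcap
! 4: Clean up the captures and the ACL when the troubleshooting is done
no capture mycap
no capture arpcap
clear configure access-list cap-acl
```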
So now you have the option to copy the saved capture to a device of your choosing for off-appliance analysis, or deliver it to, let's say, Cisco TAC.
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( @ @ )=
o
/ \