Comments on: How to configure a packet capture in the Cisco ASA http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/ Brain Dumps For All Wed, 29 Feb 2012 20:11:58 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Kurt http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1574 Kurt Fri, 10 Feb 2012 03:56:26 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1574 send me the packet capture to kturner at absolutenetworks dot biz and I'll see what I can do for you =) Lots of R's could mean a couple things so I'd need to see the pcap send me the packet capture to kturner at absolutenetworks dot biz and I’ll see what I can do for you =)

Lots of R’s could mean a couple things so I’d need to see the pcap

]]> By: Mau http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1572 Mau Fri, 10 Feb 2012 03:11:48 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1572 I have trouble sometimes analysing the results of this packet capture, especially the meaing of these different flags. S, P, R. I cant find document on this. anyone who has document or links on these flags and analysis in ASA packet capture? I have citrix issue which can't authenticate from external, and I did capture. but most of the flags is "R", i know it reset, but why the host is resetting? thanks in advance for any input. I have trouble sometimes analysing the results of this packet capture, especially the meaing of these different flags. S, P, R. I cant find document on this. anyone who has document or links on these flags and analysis in ASA packet capture?
I have citrix issue which can’t authenticate from external, and I did capture. but most of the flags is “R”, i know it reset, but why the host is resetting? thanks in advance for any input.

]]> By: Kurt http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1500 Kurt Wed, 01 Feb 2012 13:47:36 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1500 I'll have to try that today!! thanks =) I’ll have to try that today!! thanks =)

]]> By: rajesh http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1498 rajesh Wed, 01 Feb 2012 09:16:00 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1498 there is a command through which you can import captured packerts on your system from CLI console... copy /pcap capture: tftp: I hope this would be helpful for you all. there is a command through which you can import captured packerts on your system from CLI console…

copy /pcap capture: tftp:

I hope this would be helpful for you all.

]]> By: Kurt Turner http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1362 Kurt Turner Thu, 13 Oct 2011 00:57:10 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1362 reset mean the connect is being closed and the two devices are communicating properly and the information e / communication exchange is completed reset mean the connect is being closed and the two devices are communicating properly and the information e / communication exchange is completed

]]> By: Anil http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1361 Anil Thu, 13 Oct 2011 00:46:52 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1361 If i captured the data i want to meaning of each reply. e.g. S – SYN A- ACK R R- reset etc. If reset come from src then what meaning and come from dest then what is that mean. Can any one of share this in details. If i captured the data i want to meaning of each reply.
e.g. S – SYN
A- ACK R
R- reset etc.
If reset come from src then what meaning and come from dest then what is that mean.

Can any one of share this in details.

]]> By: Anil http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1360 Anil Thu, 13 Oct 2011 00:46:23 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1360 If i captured the data i want to meaning of each reply. e.g. S - SYN A- ACK R R- reset etc. If reset come from src then what meaning and come from dest then what is that mean. Can any one of share this in details. If i captured the data i want to meaning of each reply.
e.g. S – SYN
A- ACK R
R- reset etc.
If reset come from src then what meaning and come from dest then what is that mean.

Can any one of share this in details.

]]> By: Kurt Turner http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1175 Kurt Turner Mon, 18 Apr 2011 12:58:45 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1175 @jaykay thanks jaykay - here are the commands to set up a port monitor the old school way.. just like we do in our switches.. hostname(config)# interface ethernet 0/1 hostname(config-if)# switchport monitor ethernet 0/0 hostname(config-if)# switchport monitor ethernet 0/2 So with this you'll plug your laptop oo PC in port ethernet 0/1 - all traffic from 0/0 and 0/2 will be pushed to 0/1 - set up wireshark to monitor traffic and there ya go @jaykay

thanks jaykay – here are the commands to set up a port monitor the old school way.. just like we do in our switches..

hostname(config)# interface ethernet 0/1
hostname(config-if)# switchport monitor ethernet 0/0
hostname(config-if)# switchport monitor ethernet 0/2

So with this you’ll plug your laptop oo PC in port ethernet 0/1 – all traffic from 0/0 and 0/2 will be pushed to 0/1 – set up wireshark to monitor traffic and there ya go

]]> By: jaykay http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-1163 jaykay Sat, 16 Apr 2011 21:50:27 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-1163 Hi guys, sure you can set up port mirroring on the ASA, see here: http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1411559 Best, jaykay Hi guys,

sure you can set up port mirroring on the ASA, see here:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1411559

Best,

jaykay

]]> By: Kurt Turner http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/#comment-650 Kurt Turner Tue, 22 Mar 2011 21:01:01 +0000 http://analysisandreview.com/uncategorized/how-to-configure-a-packet-capture-in-the-cisco-asa/9#comment-650 the ACL will not stop traffic however if you have a large amount of production traffic it's going to have some performance impact.. I would try to limit it to IP addresses I've never set up a port monitor or span on ASA.. not sure if you can.. just do the capture like I said and then open it up in a web browser to download the pcap - then you can open the pcap in your sniffer the ACL will not stop traffic however if you have a large amount of production traffic it’s going to have some performance impact.. I would try to limit it to IP addresses

I’ve never set up a port monitor or span on ASA.. not sure if you can.. just do the capture like I said and then open it up in a web browser to download the pcap – then you can open the pcap in your sniffer

]]>