Cisco ASA Packet Capture
How to set up a packet capture with Cisco PIX or ASA
Your server admin thinks you're stopping their server from communicating properly with another device on the network, and they say it's all your fault. This article describes how to monitor IP traffic that passes through your Cisco PIX or ASA so you can prove to them that it's not the network.
Monitor your network traffic
- How to capture packets with Cisco ASA or PIX
- Monitor your network traffic and sniff out all traffic that crosses your Cisco PIX or ASA.
The server admin's worst nightmare: a smart network guy with monitoring skills
Packet Capture
To make use of a packet capture you must understand what you're looking at; if you don't, capturing the packets does you no good. First, set up a packet capture on your Cisco PIX or ASA as shown here: http://analysisandreview.com/cisco/how-to-configure-a-packet-capture-in-the-cisco-asa/
Once you look at the capture you'll likely be confused and wonder what's up. If that's the case, you need to understand the TCP three-way handshake.
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect to a server, the server must first bind to a port and listen on it for connections; this is called a passive open. Once the passive open is made, a client may initiate an active open. The three-way handshake then occurs like this:
1. SYN = The active open is performed by the client sending a SYN to the server.
2. SYN-ACK = In response, the server replies with a SYN-ACK.
3. ACK = Finally, the client sends an ACK back to the server.
At this point, both the client and server have received an acknowledgment of the connection.
So in your packet capture you'll see the SYN-ACK and the ACK, which lets you show the server admin that their servers are able to communicate over the network and that your end is clear.
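To check a saved capture for the three steps above without reading it line by line, here is an added example (not from the original article or from Cisco) that classifies each flow by how far its handshake got. It assumes the tcpdump-like text layout of `show capture` output; the sample lines, addresses and the function name `handshake_states` are constructed for illustration.

```python
import re

# Constructed sample in the tcpdump-like text style of ASA "show capture"
# output (line format is an assumption; addresses are documentation ranges).
SAMPLE = """\
   1: 10:15:32.100000 192.0.2.10.51234 > 198.51.100.5.443: S 1000:1000(0) win 8192 <mss 1460>
   2: 10:15:32.101000 198.51.100.5.443 > 192.0.2.10.51234: S 5000:5000(0) ack 1001 win 8192 <mss 1460>
   3: 10:15:32.101500 192.0.2.10.51234 > 198.51.100.5.443: . ack 5001 win 8192
   4: 10:15:40.000000 192.0.2.10.51300 > 198.51.100.5.25: S 7000:7000(0) win 8192 <mss 1460>
   5: 10:15:43.000000 192.0.2.10.51300 > 198.51.100.5.25: S 7000:7000(0) win 8192 <mss 1460>
   6: 10:15:50.000000 192.0.2.10.51400 > 198.51.100.5.8080: S 9000:9000(0) win 8192 <mss 1460>
   7: 10:15:50.001000 198.51.100.5.8080 > 192.0.2.10.51400: R 0:0(0) ack 9001 win 0
"""

# Fields: number: time src > dst: flags [seq:end(len)] [ack N]
LINE = re.compile(r"^\s*\d+:\s+\S+\s+(\S+)\s+>\s+(\S+):\s+([SFRP.]+)"
                  r"(?:\s+(\d+):\d+\(\d+\))?(?:\s+ack\s+(\d+))?")

def handshake_states(capture_text):
    """Return {'client > server': state} for every SYN seen in the capture."""
    flows = {}  # (client, server) -> {"state": str, "c_isn": int, "s_isn": int}
    for raw in capture_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header lines, non-TCP packets
        src, dst, flags, seq, ack = m.groups()
        seq = int(seq) if seq else None
        ack = int(ack) if ack else None
        if "S" in flags and ack is None and seq is not None:
            # Step 1: client SYN. Retransmitted SYNs leave the state unchanged.
            flows.setdefault((src, dst), {"state": "SYN only, no reply", "c_isn": seq})
        elif (dst, src) in flows:  # packet travelling server -> client
            f = flows[(dst, src)]
            if "S" in flags and seq is not None and ack == f["c_isn"] + 1:
                # Step 2: SYN-ACK acknowledging the client's sequence number.
                f["state"], f["s_isn"] = "SYN-ACK seen, no final ACK", seq
            elif "R" in flags and f["state"] != "established":
                f["state"] = "RST from server address"
        elif (src, dst) in flows:  # packet travelling client -> server
            f = flows[(src, dst)]
            if "s_isn" in f and not set(flags) & {"S", "R"} and ack == f["s_isn"] + 1:
                f["state"] = "established"  # Step 3: client's final ACK
    return {f"{c} > {s}": f["state"] for (c, s), f in flows.items()}

if __name__ == "__main__":
    for flow, state in handshake_states(SAMPLE).items():
        print(f"{flow:45} {state}")
```

A flow that stays at "SYN only, no reply" on the interface facing the server means the firewall forwarded the SYN and nothing came back, while "established" shows all three steps crossed the device.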
Good video to help you read your packet capture
by Kilroy