Packet tracer and packet capture are two important ASA features for troubleshooting a particular traffic flow.
Packet tracer: The packet tracer feature in ASA simulates a traffic flow through the ASA. The result shows whether the ASA allows or denies that flow. It does not require any live traffic to pass through the ASA.
Packet capture: The packet capture feature in ASA captures live traffic as it passes through the ASA.
Command to capture packets via the CLI: capture <capture name> interface <interface name> match <protocol> <source IP> <subnet mask> <destination IP> <subnet mask>
Example: to capture all packets between 10.1.1.1 and 220.127.116.11:
capture Myfirstcapture interface inside match ip 10.1.1.1 255.255.255.255 18.104.22.168 255.255.255.255
- Myfirstcapture is the name of the packet capture.
- inside is the interface on which the packets are captured. This can be either the ingress or the egress interface on the ASA.
- The protocol can be ip, tcp, udp, icmp or any other protocol. To capture a specific TCP flow, also provide the source port and destination port.
- The default buffer size is 512 KB and the default packet size is 1518 bytes. To increase or decrease the buffer size and packet size, additionally use the command: capture Myfirstcapture packet-length 1500 buffer 5555
- Additionally, you can use the circular buffer option so that the oldest packets are overwritten once the buffer is full.
- Use show capture <capture name> to see the captured packets. In this case, use "show capture Myfirstcapture".
- Use clear capture <capture name> to clear all the packets in the buffer. In this case, use "clear capture Myfirstcapture".
- Use no capture <capture name> to completely delete/stop the capture on the ASA. In this case, use "no capture Myfirstcapture".
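The steps above are easy to get wrong by hand (a mistyped mask silently captures nothing, a port given with "match ip" is rejected by the ASA). The following Python helper is an added example, not part of the original page or Cisco's own tooling: it validates a flow description with the standard ipaddress module and emits the exact capture, sizing, circular-buffer, show/clear/no lifecycle commands described above, plus the matching packet-tracer command for the same flow. Assumptions: the capture-name pattern is this example's own choice, and the "eq <port>" form for TCP/UDP ports and the packet-tracer syntax are taken from the ASA CLI as the author of this example knows it, not from the page.

```python
"""Build Cisco ASA capture and packet-tracer CLI lines from a validated flow spec.

Added example (not from the original page): it turns a source/destination pair
into the 'capture ... match ...' syntax the page describes, so an address, mask,
protocol or port mistake is caught before anything is typed into the ASA.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Capture names: this example accepts one token of letters, digits, '_' and '-'
# (an assumption made here; ASA capture names are case-sensitive, so keep them consistent).
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")
_PROTOCOLS = ("ip", "tcp", "udp", "icmp")


@dataclass
class CaptureSpec:
    name: str
    interface: str
    protocol: str                      # ip, tcp, udp or icmp
    src: str                           # host or CIDR, e.g. "10.1.1.1" or "10.1.1.0/24"
    dst: str
    src_port: Optional[int] = None     # only valid with tcp/udp
    dst_port: Optional[int] = None
    packet_length: Optional[int] = None
    buffer: Optional[int] = None
    circular: bool = False


def _addr_and_mask(text: str) -> str:
    """Return 'address mask' as the match clause expects; a bare host becomes /32."""
    net = ipaddress.ip_network(text, strict=False)
    if net.version != 4:
        raise ValueError(f"IPv4 address expected, got {text}")
    return f"{net.network_address} {net.netmask}"


def build_capture_commands(spec: CaptureSpec) -> List[str]:
    """Return the commands to create, size, inspect, clear and remove the capture."""
    if not _NAME_RE.match(spec.name):
        raise ValueError(f"unsafe capture name: {spec.name!r}")
    proto = spec.protocol.lower()
    if proto not in _PROTOCOLS:
        raise ValueError(f"unsupported protocol: {spec.protocol}")
    has_port = spec.src_port is not None or spec.dst_port is not None
    if has_port and proto not in ("tcp", "udp"):
        raise ValueError("ports are only valid with tcp or udp")
    for port in (spec.src_port, spec.dst_port):
        if port is not None and not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")

    match = f"match {proto} {_addr_and_mask(spec.src)}"
    if spec.src_port is not None:
        match += f" eq {spec.src_port}"     # 'eq <port>' port form (assumed ASA syntax)
    match += f" {_addr_and_mask(spec.dst)}"
    if spec.dst_port is not None:
        match += f" eq {spec.dst_port}"

    cmds = [f"capture {spec.name} interface {spec.interface} {match}"]
    if spec.packet_length is not None or spec.buffer is not None:
        sizing = f"capture {spec.name}"
        if spec.packet_length is not None:
            sizing += f" packet-length {spec.packet_length}"
        if spec.buffer is not None:
            sizing += f" buffer {spec.buffer}"
        cmds.append(sizing)
    if spec.circular:
        cmds.append(f"capture {spec.name} circular-buffer")
    cmds += [f"show capture {spec.name}",
             f"clear capture {spec.name}",
             f"no capture {spec.name}"]
    return cmds


def build_packet_tracer(interface: str, protocol: str, src: str, src_port: int,
                        dst: str, dst_port: int) -> str:
    """Simulate the same TCP/UDP flow without live traffic (packet-tracer input form)."""
    proto = protocol.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError("this helper builds tcp/udp packet-tracer commands only")
    for host in (src, dst):
        ipaddress.IPv4Address(host)     # raises on a bad address
    return f"packet-tracer input {interface} {proto} {src} {src_port} {dst} {dst_port}"


if __name__ == "__main__":
    # Constructed sample flow matching the page's example.
    spec = CaptureSpec("Myfirstcapture", "inside", "ip", "10.1.1.1", "18.104.22.168")
    for line in build_capture_commands(spec):
        print(line)
    print(build_packet_tracer("inside", "tcp", "10.1.1.1", 12345, "18.104.22.168", 80))
```

Run the script to print the command set for the page's example flow; pass a CIDR such as "10.1.1.0/24" as the source to capture a whole subnet, and the mask is derived for you instead of being typed by hand.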