If you want to clear the buffer and stop the capture use the "no capture (capturename)" command. If at any time you need to clear the buffer (but still keep the capture running!) use the "clear capture (capturename)" command. Just send your browser to download the file and open with wireshark. If the capture is quite large or messy you can also grab it via https from the firewall and import the file into wireshark. We will also set the buffer (you might want to "show mem" and check you have enough spare before hand!) m00nie-pix(config)#no access-list cap101 The following config sets up the capture for all traffic between two hosts 1.1.1.137 and 10.25.0.143 on the outside interface of our firewall. Quite a useful feature on Cisco Pix & ASAs is the ability to capture packets and then analyze it with wireshark if needed.
0 Comments
Leave a Reply. |