digg

Facebook Connect Join Digg About

Using the capture command in a Cisco Systems PIX firewall.

computernetworkinghelp.com A network security expert breaking down the usage of the capture command in a Cisco PIX firewall for beginning to intermediate security engineers including a follow along example.

Who dugg this? Made popular Mar 9, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

22 Comments

show profanity settings
expand all
  • inactive, on 10/12/2007, -0/+5much easier to understand than the cisco docs alone, digg
  • TheKillDoctor, on 10/12/2007, -1/+4Correct, Cisco needs to really step up and write better docs and quit making us buy their books!
  • jdgtrplyr, on 10/12/2007, -0/+3Good information, very useful!
  • inactive, on 10/12/2007, -0/+3Really nice info..a definate Digg
  • jdgtrplyr, on 10/12/2007, -0/+3My guess is that Cisco is trying to eliminate the possibility of administrators who are not very well trained in PIX configuration from screwing something up with debug :-/
  • inactive, on 10/12/2007, -0/+3Easy walkthrough, Digg +
  • suhr, on 10/12/2007, -0/+2Speaking as someone who uses this several times a week, I can most definitely say it's a must-know skill for anyone who ever has to troubleshoot issues on a Pix or ASA beyond what you can see in the logs and debugs.
  • brianalmond, on 10/12/2007, -0/+2This is a great article. The only better way to do this would be if you had intrusion detection in line. Then you would be better to use the IDS and save memory and cpu cycles on the PIX. This Cisco IDS has the capture command as well. Oh and by the way the article does show how to send the pcap to tftp which would allow analysis through tcpdump or ethereal. So analyzing the PCAP should be easy for any decent security pro.
  • osbjmg, on 10/12/2007, -0/+2http://www.ethereal.com ?
  • Pickled_Punk, on 10/12/2007, -0/+1Because that's beyond the scope of the article.
  • bytefoo, on 10/12/2007, -1/+2But what if someone wanted to analyze the pcap? Article makes no mention of this, or even offers links for beginning packet analysis, so i don't see how this could help a beginner-to-intermediate network admin... Kind of an abrupt cisco manual entry if you ask me.
  • inactive, on 10/12/2007, -0/+1Yes, analyzing the data was a little beyond the scope of this article but do to the interest I might do a follow up to this one on analyzing the PCAP file with Ethereal.
  • RunLevelZero, on 10/12/2007, -0/+1Excellent... thanks a lot.
  • gew95001, on 10/12/2007, -0/+1Personally I prefer the Contivity series, but this is really useful information. As for using Ethereal - yes, it's very useful, but there are times you need to capture on the device itself, especially when you need to capture the traffic inside a tunnel, which a trace taken by a PC with ethereal will not show you.
  • cmdrNacho, on 10/12/2007, -2/+2yes mazikmafia
  • squirlyblack, on 07/30/2008, -0/+0 As Adrianna921 said it, an easy walkthrough and very useful for those who have no idea on networking and try starting straight with Cisco’s docs. Stubby must have been joking when he said that as an admin you shouldn’t give that much attention to traffic capturing, because this actually is a problem with some ISPs because they cut you internet connection when you have more traffic than usual without even bothering to check what you are sending and receiving. https://cisco.hosted.jivesoftware.com/index.jspa?c ...
  • stubby, on 10/12/2007, -1/+1A beginner to intermediate network admin should probably spend more time learning about networking than worrying about capturing traffic if this isn't something that makes sense ;)
  • rfquinn, on 10/12/2007, -0/+0I just tried this out. The syntax on 6.3(3) is a little different, but still very, very cool info. I'm sure I'll be using this sometime in the near future. THANKS!
  • slug, on 10/12/2007, -3/+1well......as someone who has managed PIXes for years for fortune 500 companies I can tell you cisco has lost touch with reality by removing the debug packet command and thinking capture is a worthy replacement. What a load of crap.
  • inactive, on 10/12/2007, -4/+2C0ol
  • mhite, on 10/12/2007, -4/+1Worst... firewall... ever...
  • MuZiKMafia, on 10/12/2007, -10/+2hey i know im off topic, but all of a sudden my gmail is unavailable, and it's similar to the one that was posted earlier. I can still login to my personalized homepage, but my mail is having server problems.... Anyone else have problems?

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.