Full packet capture on Cisco Firewall
Create and fire up the packet capture
# capture MYCAP interface IFNAME packet-length 1500 buffer SIZE
The above command will capture everything; if you want to filter your capture, add an access list, like so:
# capture MYCAP interface IFNAME packet-length 1500 access-list 777 buffer SIZE
Remember to define access-list 777 first. Of course, you can substitute 777 with any other number.
Stop the capture
# no capture MYCAP interface IFNAME
Retrieve the captured data
- Point your browser to the firewall SSL URL like so: https://FW-IP-address/capture/MYCAP/pcap
- Download the pcap file, and open it with Wireshark or a similar tool.
Note: you can also use TFTP to get the pcap.
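A sanity check to run on the downloaded file before analysis, added here as an example and not part of the original page: it reads the pcap record headers and lists frames whose stored length is shorter than their on-wire length, which is what a too-small packet-length produces, and flags a file that ends mid-record. It assumes the export is a classic pcap file that records each frame's original length; audit_pcap and sample_pcap are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Classic pcap magic numbers (as they appear on disk) -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def audit_pcap(data):
    """Summarise a classic pcap: snaplen, packet count, truncated frames."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, count, truncated, incomplete = 24, 0, [], False
    while offset < len(data):
        if offset + 16 > len(data):          # file ends inside a record header
            incomplete = True
            break
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII",
                                                 data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):    # file ends inside the frame bytes
            incomplete = True
            break
        if incl_len < orig_len:              # frame was cut at capture time
            truncated.append((count, incl_len, orig_len))
        offset += incl_len
        count += 1
    return {"snaplen": snaplen, "linktype": linktype, "packets": count,
            "truncated": truncated, "incomplete_file": incomplete}

def sample_pcap():
    """Constructed sample: snaplen 1500, Ethernet link type (1), two frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    small = struct.pack("<IIII", 1, 0, 60, 60) + bytes(60)
    # A 1514-byte frame on the wire, of which only 1500 bytes were stored
    large = struct.pack("<IIII", 2, 0, 1500, 1514) + bytes(1500)
    return header + small + large

if __name__ == "__main__":
    report = audit_pcap(sample_pcap())
    print(report["packets"], "packets, snaplen", report["snaplen"])
    for index, stored, on_wire in report["truncated"]:
        print(f"frame {index}: stored {stored} of {on_wire} bytes")
    if report["incomplete_file"]:
        print("file ends mid-record; download it again")
```

To check a real download, pass the file's bytes: audit_pcap(open("MYCAP.pcap", "rb").read()), where MYCAP.pcap is whatever name the file was saved under.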
Clean-up
# no capture MYCAP