Just for the record. They are old, they are good, but they are end of life and we don’t use them any more.
How to do Packet captures on Cisco PIX.
1) clear the captures
no capture capin no capture capout
2) clear and create the acl
conf t
no access-list capacl
access-list capacl line 1 permit ip host 1.1.1.1 host 3.3.3.3
access-list capacl line 2 permit ip host 2.2.2.2 host 3.3.3.3
access-list capacl line 3 permit ip host 3.3.3.3 host 1.1.1.1
access-list capacl line 4 permit ip host 3.3.3.3 host 2.2.2.2
exit
3) create the captures
capture capin access-list capacl buffer 20000 packet-length 1500 interface inside capture capout access-list capacl buffer 20000 packet-length 1500 interface outside
SHOW
show capture
capture capin access-list capacl buffer 20000 packet-length 1500 interface inside
capture capout access-list capacl buffer 20000 packet-length 1500 interface outside
show capture capin
2 packets captured
15:47:38.523639 SomeH.35955 > OtherH.80: S 4088672547:4088672547(0) win 5840
15:47:41.524005 SomeH.35955 > OtherH.80: S 4088672547:4088672547(0) win 5840
2 packets shown
copy capture:capin tftp://myhost/capin.pcap pcap copying Capture to tftp://myhost/capin.pcap:
Patrick Marc's Networks 