SlideShare a Scribd company logo

Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01

Duane Bodle
Duane Bodle

This document provides instructions for configuring packet capture on a Cisco ASA firewall. It describes using the packet capture wizard in ASDM or CLI commands to define a capture named "capin" on the inside interface and "capout" on the outside interface. The capture filters use access lists to match traffic between the inside and outside networks. The show capture command can then be used to view the captured packets.

1 of 9
Download to read offline
Configuring a Packet Capture on Cisco ASA Capturing packets is useful when you troubleshoot connectivity problems or monitor suspicious activity. Note: Enabling WebVPN capture affects the performance of the security appliance. Make sure to disable the capture after you generate the capture files that you need for troubleshooting. Configure In this section, you are presented with the information to configure the packet capture feature described in this document. Network Diagram This document uses this network setup: Configure Packet Capture using ASDM Complete these steps in order to configure the Packet Capturing feature in ASA. For example, the configuration done here is to capture the packets transmitted during a ping from User1 (Inside network) to Router1 (Outside network): 1. Choose Wizards > Packet Capture Wizard in order to start the packet capture configuration, as shown:
2. The capture wizard opens. Click Next as shown here: 3. In the new window provide the parameters to capture the INGRESS traffic. 4. Choose the Ingress interface as Inside and provide the source and the destination IP address of the packets to be captured with their subnet mask in the respective space provided. 5. Also, choose the packet type to be captured by ASA (IP is the packet type chosen here), as shown: Click Next.
6. Choose the Egress interface as Outside and provide the source and the destination IP address with their subnet mask in the respective spaces provided as shown: Click Next. 7. Provide the Packet size and the Capture buffer size in the respective space provided as these data are required for the capture to take place. 8. Also, remember to check the Use circular buffer check box if you want to use the circular buffer option. In this example, circular buffer is not used so the check box is not checked.
Click Next. 9. This window shows the Access−lists to be configured on the ASA for the the ASA to capture the desired packets and shows the type of packet (IP packets are captured in this example). Click Next. 10. Click Start to start the Packet capture as shown here:
11. As the Packet capture has been started, try to ping the Outside network from the Inside network so that the packets flowing between the source and the destination are captured by the ASA Capture buffer. 12. Click Get Capture Buffer in order to view the packets captured by the ASA capture buffer. 13. The captured packets are shown in this window for both Ingress and Egress traffic. 14. Click Save captures in order to save the capture information as shown:
15. In the Save Captures window choose the required format in which the capture buffer is to be saved. This is either ASCII or PCAP. Click the radio button next to the format names. 16. Then, click Save ingress capture or Save egress capture as required. If you specify the pcap format, then you can open the file using TCPDUMP or Ethereal. The capture file in ASCII format can be viewed using the web browser.
17. In the Save capture file window provide the file name and the location where the capture file is to be saved, then click Save as shown: 18. Click Finish. This completes the packet capture procedure. Step−By−Step Procedure to Configure Packet Capture in ASA using CLI Complete these steps in order to configure Packet capture in ASA using CLI: 1. Configure the Inside and Outside interfaces as shown in the network diagram with IP address and Security−levels.
2. Configure the access−lists asdm_cap_selector_inside and asdm_cap_selector_outside for capturing the packets that travel from the inside network to the outside network and outside network to inside network . access−list asdm_cap_selector_inside extended permit ip host 10.20.10.2 host 172.16.x.y access−list asdm_cap_selector_inside extended permit ip host 172.16.1.2 host 10.20.1.y access−list asdm_cap_selector_outside extended permit ip host 172.16.1.2 host 10.20.x.y access−list asdm_cap_selector_outside extended permit ip host 10.20.10.2 host 172.16.x.y 3. Start the packet capture process using the capture command in privileged EXEC mode. 4. The capture command should be used after the access−lists have been configured as shown in the ASA configuration. In this configuration example, the capture named capin is defined. 5. Bind it to the inside interface, and specify to only capture packets that match the access−list asdm_cap_selector_inside as shown here: ASA#capture capin interface inside access−list asdm_cap_selector_inside Similarly, the capture named capout is defined. Bind it to the outside interface, and specify to only capture packets that match the access−list asdm_cap_selector_outside as shown here: ASA#capture capout interface outside access−list asdm_cap_selector_outside The ASA will now start capturing the traffic flow between the interfaces. In order to stop the capture at anytime, use the no capture command followed by the capture name. Viewing the Captured Packets on ASA Viewing the Captured packets on the ASA Device In order to view the captured packets, use the show capture command followed by the capture name. These are the show command outputs of the capture buffer contents: The show capture capin command shows the contents of the capture buffer named capin. ASA#show capture capin 20 packets captured 1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 3: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 4: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 5: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 6: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 7: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 8: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 9: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 10: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 11: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 12: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply 13: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 14: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply 15: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request 16: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply 17: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
18: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply 19: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request 20: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply 20 packets shown The show capture capout command shows the contents of the capture buffer named capout. ASA#show capture capout 20 packets captured 1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 3: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 4: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 5: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 6: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 7: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 8: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 9: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 10: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 11: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 12: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply 13: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 14: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply

Recommended

Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
Cisco asa active,active failover configuration
Cisco asa active,active failover configurationCisco asa active,active failover configuration
Cisco asa active,active failover configurationIT Tech
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Ajeet Singh
 
Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallKHNOG
 

Recommended

Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
Cisco asa active,active failover configuration
Cisco asa active,active failover configurationCisco asa active,active failover configuration
Cisco asa active,active failover configurationIT Tech
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Ajeet Singh
 
Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallKHNOG
 
Palo Alto VM-100 Configuration Lab
Palo Alto VM-100 Configuration LabPalo Alto VM-100 Configuration Lab
Palo Alto VM-100 Configuration LabMykhaylo Skrypka
 
Advanced Network Design
Advanced Network DesignAdvanced Network Design
Advanced Network DesignCisco Russia
 
Packet tracer 6.2 new features
Packet tracer 6.2 new featuresPacket tracer 6.2 new features
Packet tracer 6.2 new featuresSebastien Langlois
 
Vpn site to site
Vpn site to siteVpn site to site
Vpn site to siteIT Tech
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
Remote VPN
Remote VPNRemote VPN
Remote VPNNetwax Lab
 
CCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkCCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkAhmed Habib
 
Vpn
VpnVpn
VpnJose Rivera
 
CCNP Switching Chapter 9
CCNP Switching Chapter 9CCNP Switching Chapter 9
CCNP Switching Chapter 9Chaing Ravuth
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
Cipc
CipcCipc
Cipcashiesh0007
 
CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6Nil Menon
 
Types of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterTypes of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterNetProtocol Xpert
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructorSalem Trabelsi
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Babaa Naya
 
CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9Nil Menon
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaWardner Maia
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASARahul E
 
Поиск и устранение неисправностей в вычислительной системе Cisco UCS
Поиск и устранение неисправностей в вычислительной системе Cisco UCSПоиск и устранение неисправностей в вычислительной системе Cisco UCS
Поиск и устранение неисправностей в вычислительной системе Cisco UCSCisco Russia
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPNNetProtocol Xpert
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsDuane Bodle
 

More Related Content

What's hot

Palo Alto VM-100 Configuration Lab
Palo Alto VM-100 Configuration LabPalo Alto VM-100 Configuration Lab
Palo Alto VM-100 Configuration LabMykhaylo Skrypka
 
Advanced Network Design
Advanced Network DesignAdvanced Network Design
Advanced Network DesignCisco Russia
 
Packet tracer 6.2 new features
Packet tracer 6.2 new featuresPacket tracer 6.2 new features
Packet tracer 6.2 new featuresSebastien Langlois
 
Vpn site to site
Vpn site to siteVpn site to site
Vpn site to siteIT Tech
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
CCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkCCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkAhmed Habib
 
CCNP Switching Chapter 9
CCNP Switching Chapter 9CCNP Switching Chapter 9
CCNP Switching Chapter 9Chaing Ravuth
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6Nil Menon
 
Types of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterTypes of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterNetProtocol Xpert
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructorSalem Trabelsi
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Babaa Naya
 
CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9Nil Menon
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaWardner Maia
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASARahul E
 
Поиск и устранение неисправностей в вычислительной системе Cisco UCS
Поиск и устранение неисправностей в вычислительной системе Cisco UCSПоиск и устранение неисправностей в вычислительной системе Cisco UCS
Поиск и устранение неисправностей в вычислительной системе Cisco UCSCisco Russia
 

What's hot (20)

Palo Alto VM-100 Configuration Lab
Palo Alto VM-100 Configuration LabPalo Alto VM-100 Configuration Lab
Palo Alto VM-100 Configuration Lab
 
Advanced Network Design
Advanced Network DesignAdvanced Network Design
Advanced Network Design
 
Packet tracer 6.2 new features
Packet tracer 6.2 new featuresPacket tracer 6.2 new features
Packet tracer 6.2 new features
 
Vpn site to site
Vpn site to siteVpn site to site
Vpn site to site
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
Remote VPN
Remote VPNRemote VPN
Remote VPN
 
CCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkCCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area network
 
Vpn
VpnVpn
Vpn
 
CCNP Switching Chapter 9
CCNP Switching Chapter 9CCNP Switching Chapter 9
CCNP Switching Chapter 9
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp uk
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
Cipc
CipcCipc
Cipc
 
CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6CCNA 2 Routing and Switching v5.0 Chapter 6
CCNA 2 Routing and Switching v5.0 Chapter 6
 
Types of interfaces in a Cisco Router
Types of interfaces in a Cisco RouterTypes of interfaces in a Cisco Router
Types of interfaces in a Cisco Router
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8
 
CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9CCNA 2 Routing and Switching v5.0 Chapter 9
CCNA 2 Routing and Switching v5.0 Chapter 9
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASA
 
Поиск и устранение неисправностей в вычислительной системе Cisco UCS
Поиск и устранение неисправностей в вычислительной системе Cisco UCSПоиск и устранение неисправностей в вычислительной системе Cisco UCS
Поиск и устранение неисправностей в вычислительной системе Cisco UCS
 

Viewers also liked

Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsDuane Bodle
 
Regular Expression Patterns
Regular Expression PatternsRegular Expression Patterns
Regular Expression PatternsDuane Bodle
 
DBodle QoS Exam Study Notes
DBodle QoS Exam Study NotesDBodle QoS Exam Study Notes
DBodle QoS Exam Study NotesDuane Bodle
 
Network Engineer Interview Questions with Answers
Network Engineer Interview Questions with Answers Network Engineer Interview Questions with Answers
Network Engineer Interview Questions with Answers Sarmad Ali
 
Cisco Exam # 642 611 Mpls Study Notes
Cisco Exam # 642 611 Mpls Study NotesCisco Exam # 642 611 Mpls Study Notes
Cisco Exam # 642 611 Mpls Study NotesDuane Bodle
 
Basic BGP Trouble Shooting Candidate Screening
Basic BGP Trouble Shooting Candidate ScreeningBasic BGP Trouble Shooting Candidate Screening
Basic BGP Trouble Shooting Candidate ScreeningDuane Bodle
 
QoS In The Enterprise
QoS In The EnterpriseQoS In The Enterprise
QoS In The EnterprisePrivate
 
QoS (quality of service)
QoS (quality of service)QoS (quality of service)
QoS (quality of service)Sri Safrina
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationnetworkershome
 
Project Business Case and Capital Justification for Implementation of Applica...
Project Business Case and Capital Justification for Implementation of Applica...Project Business Case and Capital Justification for Implementation of Applica...
Project Business Case and Capital Justification for Implementation of Applica...Duane Bodle
 

Viewers also liked (16)

IPSec VPN
IPSec VPNIPSec VPN
IPSec VPN
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview Questions
 
Regular Expression Patterns
Regular Expression PatternsRegular Expression Patterns
Regular Expression Patterns
 
DBodle QoS Exam Study Notes
DBodle QoS Exam Study NotesDBodle QoS Exam Study Notes
DBodle QoS Exam Study Notes
 
NAT in ASA Firewall
NAT in ASA Firewall NAT in ASA Firewall
NAT in ASA Firewall
 
Network Engineer Interview Questions with Answers
Network Engineer Interview Questions with Answers Network Engineer Interview Questions with Answers
Network Engineer Interview Questions with Answers
 
Cisco Exam # 642 611 Mpls Study Notes
Cisco Exam # 642 611 Mpls Study NotesCisco Exam # 642 611 Mpls Study Notes
Cisco Exam # 642 611 Mpls Study Notes
 
Par2 2 0901(1)
Par2 2 0901(1)Par2 2 0901(1)
Par2 2 0901(1)
 
Basic BGP Trouble Shooting Candidate Screening
Basic BGP Trouble Shooting Candidate ScreeningBasic BGP Trouble Shooting Candidate Screening
Basic BGP Trouble Shooting Candidate Screening
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
QoS In The Enterprise
QoS In The EnterpriseQoS In The Enterprise
QoS In The Enterprise
 
IPSec_VPN_Final_
IPSec_VPN_Final_IPSec_VPN_Final_
IPSec_VPN_Final_
 
QoS (quality of service)
QoS (quality of service)QoS (quality of service)
QoS (quality of service)
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installation
 
Project Business Case and Capital Justification for Implementation of Applica...
Project Business Case and Capital Justification for Implementation of Applica...Project Business Case and Capital Justification for Implementation of Applica...
Project Business Case and Capital Justification for Implementation of Applica...
 

Similar to Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01

26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
How can you configure Wireshark to always recognize port 444 as an S.pdf
How can you configure Wireshark to always recognize port 444 as an S.pdfHow can you configure Wireshark to always recognize port 444 as an S.pdf
How can you configure Wireshark to always recognize port 444 as an S.pdfarkleatheray
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network TrafficRio Ap
 
Mac ip snmp
Mac ip snmpMac ip snmp
Mac ip snmpgielth01
 
Laporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdfIGedeArieYogantaraSu
 
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks
 
Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkRiyaj Shamsudeen
 
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)n|u - The Open Security Community
 
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdfIGedeArieYogantaraSu
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Decoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesDecoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesOWASPSeasides
 
Geep networking stack-linuxkernel
Geep networking stack-linuxkernelGeep networking stack-linuxkernel
Geep networking stack-linuxkernelKiran Divekar
 
OFY-2015-Cloud-In-A-Day
OFY-2015-Cloud-In-A-DayOFY-2015-Cloud-In-A-Day
OFY-2015-Cloud-In-A-Daykbshiv
 
OSTU - Sake Blok on Packet Capturing with Tshark
OSTU - Sake Blok on Packet Capturing with TsharkOSTU - Sake Blok on Packet Capturing with Tshark
OSTU - Sake Blok on Packet Capturing with TsharkDenny K
 

Similar to Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01 (20)

Lan to lan vpn
Lan to lan vpnLan to lan vpn
Lan to lan vpn
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
How can you configure Wireshark to always recognize port 444 as an S.pdf
How can you configure Wireshark to always recognize port 444 as an S.pdfHow can you configure Wireshark to always recognize port 444 as an S.pdf
How can you configure Wireshark to always recognize port 444 as an S.pdf
 
Packet filtering using jpcap
Packet filtering using jpcapPacket filtering using jpcap
Packet filtering using jpcap
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic
 
Mac ip snmp
Mac ip snmpMac ip snmp
Mac ip snmp
 
Laporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 7 -Kelas C - Kelompok 3.pdf
 
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASACohesive Networks Support Docs: VNS3 Setup for Cisco ASA
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
 
Tutorial mikrotik step by step
Tutorial mikrotik step by stepTutorial mikrotik step by step
Tutorial mikrotik step by step
 
How to use packet sniffers
How to use packet sniffersHow to use packet sniffers
How to use packet sniffers
 
Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: Network
 
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
 
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 4 -Kelas C - Kelompok 3.pdf
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
 
ACN solved Manual By Ketan.pdf
ACN solved Manual By Ketan.pdfACN solved Manual By Ketan.pdf
ACN solved Manual By Ketan.pdf
 
Decoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesDecoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP Seasides
 
Geep networking stack-linuxkernel
Geep networking stack-linuxkernelGeep networking stack-linuxkernel
Geep networking stack-linuxkernel
 
08 (IDNOG01) ARP Guard in IXP by Eric Choy
08 (IDNOG01) ARP Guard in IXP by Eric Choy08 (IDNOG01) ARP Guard in IXP by Eric Choy
08 (IDNOG01) ARP Guard in IXP by Eric Choy
 
OFY-2015-Cloud-In-A-Day
OFY-2015-Cloud-In-A-DayOFY-2015-Cloud-In-A-Day
OFY-2015-Cloud-In-A-Day
 
OSTU - Sake Blok on Packet Capturing with Tshark
OSTU - Sake Blok on Packet Capturing with TsharkOSTU - Sake Blok on Packet Capturing with Tshark
OSTU - Sake Blok on Packet Capturing with Tshark
 

More from Duane Bodle

OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -
OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -
OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -Duane Bodle
 
OSPF LSA Types Explained
OSPF LSA Types ExplainedOSPF LSA Types Explained
OSPF LSA Types ExplainedDuane Bodle
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGPDuane Bodle
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP ExamDuane Bodle
 
Cisco BGP Exam 642-661 Review Notes
Cisco BGP Exam 642-661 Review NotesCisco BGP Exam 642-661 Review Notes
Cisco BGP Exam 642-661 Review NotesDuane Bodle
 

More from Duane Bodle (6)

OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -
OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -
OSPF Beyond Stump-the-Chump_Interview_Questions - Part 01 -
 
SIP PRIMER
SIP PRIMERSIP PRIMER
SIP PRIMER
 
OSPF LSA Types Explained
OSPF LSA Types ExplainedOSPF LSA Types Explained
OSPF LSA Types Explained
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP Exam
 
Cisco BGP Exam 642-661 Review Notes
Cisco BGP Exam 642-661 Review NotesCisco BGP Exam 642-661 Review Notes
Cisco BGP Exam 642-661 Review Notes
 

Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01

  • 1. Configuring a Packet Capture on Cisco ASA Capturing packets is useful when you troubleshoot connectivity problems or monitor suspicious activity. Note: Enabling WebVPN capture affects the performance of the security appliance. Make sure to disable the capture after you generate the capture files that you need for troubleshooting. Configure In this section, you are presented with the information to configure the packet capture feature described in this document. Network Diagram This document uses this network setup: Configure Packet Capture using ASDM Complete these steps in order to configure the Packet Capturing feature in ASA. For example, the configuration done here is to capture the packets transmitted during a ping from User1 (Inside network) to Router1 (Outside network): 1. Choose Wizards > Packet Capture Wizard in order to start the packet capture configuration, as shown:
  • 2. 2. The capture wizard opens. Click Next as shown here: 3. In the new window provide the parameters to capture the INGRESS traffic. 4. Choose the Ingress interface as Inside and provide the source and the destination IP address of the packets to be captured with their subnet mask in the respective space provided. 5. Also, choose the packet type to be captured by ASA (IP is the packet type chosen here), as shown: Click Next.
  • 3. 6. Choose the Egress interface as Outside and provide the source and the destination IP address with their subnet mask in the respective spaces provided as shown: Click Next. 7. Provide the Packet size and the Capture buffer size in the respective space provided as these data are required for the capture to take place. 8. Also, remember to check the Use circular buffer check box if you want to use the circular buffer option. In this example, circular buffer is not used so the check box is not checked.
  • 4. Click Next. 9. This window shows the Access−lists to be configured on the ASA for the the ASA to capture the desired packets and shows the type of packet (IP packets are captured in this example). Click Next. 10. Click Start to start the Packet capture as shown here:
  • 5. 11. As the Packet capture has been started, try to ping the Outside network from the Inside network so that the packets flowing between the source and the destination are captured by the ASA Capture buffer. 12. Click Get Capture Buffer in order to view the packets captured by the ASA capture buffer. 13. The captured packets are shown in this window for both Ingress and Egress traffic. 14. Click Save captures in order to save the capture information as shown:
  • 6. 15. In the Save Captures window choose the required format in which the capture buffer is to be saved. This is either ASCII or PCAP. Click the radio button next to the format names. 16. Then, click Save ingress capture or Save egress capture as required. If you specify the pcap format, then you can open the file using TCPDUMP or Ethereal. The capture file in ASCII format can be viewed using the web browser.
  • 7. 17. In the Save capture file window provide the file name and the location where the capture file is to be saved, then click Save as shown: 18. Click Finish. This completes the packet capture procedure. Step−By−Step Procedure to Configure Packet Capture in ASA using CLI Complete these steps in order to configure Packet capture in ASA using CLI: 1. Configure the Inside and Outside interfaces as shown in the network diagram with IP address and Security−levels.
  • 8. 2. Configure the access−lists asdm_cap_selector_inside and asdm_cap_selector_outside for capturing the packets that travel from the inside network to the outside network and outside network to inside network . access−list asdm_cap_selector_inside extended permit ip host 10.20.10.2 host 172.16.x.y access−list asdm_cap_selector_inside extended permit ip host 172.16.1.2 host 10.20.1.y access−list asdm_cap_selector_outside extended permit ip host 172.16.1.2 host 10.20.x.y access−list asdm_cap_selector_outside extended permit ip host 10.20.10.2 host 172.16.x.y 3. Start the packet capture process using the capture command in privileged EXEC mode. 4. The capture command should be used after the access−lists have been configured as shown in the ASA configuration. In this configuration example, the capture named capin is defined. 5. Bind it to the inside interface, and specify to only capture packets that match the access−list asdm_cap_selector_inside as shown here: ASA#capture capin interface inside access−list asdm_cap_selector_inside Similarly, the capture named capout is defined. Bind it to the outside interface, and specify to only capture packets that match the access−list asdm_cap_selector_outside as shown here: ASA#capture capout interface outside access−list asdm_cap_selector_outside The ASA will now start capturing the traffic flow between the interfaces. In order to stop the capture at anytime, use the no capture command followed by the capture name. Viewing the Captured Packets on ASA Viewing the Captured packets on the ASA Device In order to view the captured packets, use the show capture command followed by the capture name. These are the show command outputs of the capture buffer contents: The show capture capin command shows the contents of the capture buffer named capin. ASA#show capture capin 20 packets captured 1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 3: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 4: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 5: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 6: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 7: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 8: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 9: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 10: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 11: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 12: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply 13: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 14: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply 15: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request 16: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply 17: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request
  • 9. 18: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply 19: 01:49:26.257051 172.16.1.2 > 10.20.10.2: icmp: echo request 20: 01:49:26.257051 10.20.10.2 > 172.16.1.2: icmp: echo reply 20 packets shown The show capture capout command shows the contents of the capture buffer named capout. ASA#show capture capout 20 packets captured 1: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 2: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 3: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 4: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 5: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 6: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 7: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 8: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 9: 01:49:24.087474 10.20.10.2 > 172.16.1.2: icmp: echo request 10: 01:49:24.087474 172.16.1.2 > 10.20.10.2: icmp: echo reply 11: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 12: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply 13: 01:49:26.247042 172.16.1.2 > 10.20.10.2: icmp: echo request 14: 01:49:26.247042 10.20.10.2 > 172.16.1.2: icmp: echo reply