Table Of Contents
Defining Preferences and Using Configuration, Diagnostic, and File Management Tools
Preferences
Configuration Tools
Reset Device to the Factory Default Configuration
Save Running Configuration to TFTP Server
Save Internal Log Buffer to Flash
Command Line Interface
Command Errors
Interactive Commands
Avoiding Conflicts with Other Administrators
Show Commands Ignored by ASDM on Device
Diagnostic Tools
Packet Tracer
Ping
Using the Ping Tool
Troubleshooting the Ping Tool
Traceroute
Administrator's Alert to Clientless SSL VPN Users
ASDM Java Console
Packet Capture Wizard
Field Information for the Packet Capture Wizard
File Management Tools
File Management
Manage Mount Points
Add/Edit a CIFS/FTP Mount Point
Upgrade Software from Local Computer
File Transfer
Upgrade Software from Cisco.com Wizard
ASDM Assistant
System Reload
Backup and Restore
Backing Up Configurations
Restoring Configurations
Defining Preferences and Using Configuration, Diagnostic, and File Management Tools
This chapter describes the preferences and tools available for configuration, problem diagnosis, and file management, and includes the following sections:
•
Preferences
•
Configuration Tools
•
Diagnostic Tools
•
File Management Tools
Preferences
This feature lets you change the behavior of some ASDM functions between sessions.
To change various settings in ASDM, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Preferences.
The Preferences dialog box appears, with three tabs: General, Rules Table, and Syslog.
Step 2
Click one of these tabs to define your settings: the General tab to specify general preferences; the Rules Table tab to specify preferences for the Rules table; and the Syslog tab to specify the appearance of syslog messages displayed in the Home pane and to enable the display of a warning message for NetFlow-related syslog messages.
Step 3
On the General tab, specify the following:
a.
Check the Preview commands before sending them to the device check box to view CLI commands generated by ASDM.
b.
Check the Enable cumulative (batch) CLI delivery check box to send multiple commands in a single group to the adaptive security appliance.
c.
Check the Warn that configuration in ASDM is out of sync with the configuration in ASA check box to be notified when the startup configuration and the running configuration are no longer in sync with each other.
d.
Check the Confirm before exiting ASDM check box to display a prompt when you try to close ASDM to confirm that you want to exit. This option is checked by default.
e.
Check the Show configuration restriction message to read-only user check box to display the following message to a read-only user at startup. This option is checked by default.
"You are not allowed to modify the ASA configuration, because you do not have sufficient privileges."
f.
Check the Enable screen reader support (requires ASDM restart) check box to enable screen readers to work. You must restart ASDM to enable this option.
g.
To allow the Packet Capture Wizard to display captured packets, enter the name of the network sniffer application or click Browse to find it.
Step 4
On the Rules Table tab, specify the following:
a.
Display settings let you change the way rules are displayed in the Rules table.
–
Check the Auto-expand network and service object groups with specified prefix check box to display the network and service object groups automatically expanded based on the Auto-Expand Prefix setting.
–
In the Auto-Expand Prefix field, specify the prefix of the network and service object groups to expand automatically when displayed.
–
Check the Show members of network and service object groups check box to display members of network and service object groups and the group name in the Rules table. If the check box is not checked, only the group name is displayed.
–
In the Limit Members To field, enter the number of network and service object groups to display. When object group members are displayed, only the first n members appear.
–
Check the Show all actions for service policy rules check box to display all actions in the Rules table. When unchecked, a summary appears.
b.
Deployment settings let you configure the behavior of the security appliance when deploying changes to the Rules table.
–
Check the Issue "clear xlate" command when deploying access lists check box to clear the NAT table when deploying new access lists. This setting ensures the access lists that are configured on the security appliance are applied to all translated addresses.
c.
Access Rule Hit Count Settings let you configure how often the hit counts are updated in the Access Rules table. Hit counts apply to explicit rules only. No hit count is displayed for implicit rules in the Access Rules table.
–
Check the Update access rule hit counts automatically check box to have the hit counts automatically updated in the Access Rules table.
–
In the Update Frequency field, specify how often, in seconds, the hit count column is updated in the Access Rules table. Valid values are 10 - 86400 seconds.
Step 5
On the Syslog tab, specify the following:
•
In the Syslog Colors area, you can customize the message display by configuring background or foreground colors for messages at each severity level. The Severity column lists each severity level by name and number. To change the background color or foreground color for messages at a specified severity level, click the corresponding column. The Pick a Color dialog box appears. Click one of the following tabs:
–
On the Swatches tab, choose a color from the palette, and click OK.
–
On the HSB tab, specify the H, S, and B settings, and click OK.
–
On the RGB tab, specify the Red, Green, and Blue settings, and click OK.
•
In the NetFlow area, to enable the display of a warning message to disable redundant syslog messages, check the Warn to disable redundant syslog messages when NetFlow action is first applied to the global service policy rule check box.
Step 6
After you have specified settings on these three tabs, click OK to save your settings and close the Preferences dialog box.
Note
Each time that you check or uncheck a preferences setting, the change is saved to the .conf file and becomes available to all the other ASDM sessions running on the workstation at the time. You must restart ASDM for all changes to take effect.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Configuration Tools
This section includes the following topics:
•
Reset Device to the Factory Default Configuration
•
Save Running Configuration to TFTP Server
•
Save Internal Log Buffer to Flash
•
Command Line Interface
•
Show Commands Ignored by ASDM on Device
Reset Device to the Factory Default Configuration
The default configuration provides the minimum commands required to connect to the adaptive security appliance using ASDM.
Note
This feature is available only for routed firewall mode; transparent mode does not support IP addresses for interfaces. In addition, this feature is available only in single context mode; a security appliance with a cleared configuration does not have any defined contexts to configure automatically using this feature.
To reset the adaptive security appliance to the factory default configuration, perform the following steps:
Step 1
In the main ASDM application window, choose File > Reset Device to the Factory Default Configuration.
The Reset Device to the Default Configuration dialog box appears.
Step 2
Enter the Management IP address of the management interface, instead of using the default address, 192.168.1.1. For an adaptive security appliance with a dedicated management interface, the interface is called "Management0/0." For other adaptive security appliances, the configured interface is Ethernet 1 and called "inside."
Step 3
Choose the Management (or Inside) Subnet Mask from the drop-down list.
Step 4
To save this configuration to internal flash memory, choose File > Save Running Configuration to Flash.
Selecting this option saves the running configuration to the default location for the startup configuration, even if you have previously configured a different location for the System Time. When the configuration was cleared, this path was also cleared. The next time you reload the adaptive security appliance after restoring the factory configuration, the device boots from the first image in internal flash memory. If an image in internal flash memory does not exist, the adaptive security appliance does not boot.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | — | • | — | —
Save Running Configuration to TFTP Server
This feature stores a copy of the current running configuration file on a TFTP server.
To save the running configuration to a TFTP server, perform the following steps:
Step 1
In the main ASDM application window, choose File > Save Running Configuration to TFTP Server.
The Save Running Configuration to TFTP Server dialog box appears.
Step 2
Enter the TFTP server IP address and file path on the TFTP server in which the configuration file will be saved, and then click Save Configuration.
Note
To configure default TFTP settings, choose Configuration > Device Management > Management Access > File Access > TFTP Client. After you have configured this setting, the TFTP server IP address and file path on the TFTP server appear automatically in this dialog box.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Save Internal Log Buffer to Flash
This feature lets you save the internal log buffer to flash memory.
To save the internal log buffer to flash memory, perform the following steps:
Step 1
In the main ASDM application window, choose File > Save Internal Log Buffer to Flash.
The Enter Log File Name dialog box appears.
Step 2
Choose the first option to save the log buffer with the default filename, LOG-YYYY-MM-DD-hhmmss.txt.
Step 3
Choose the second option to specify a filename for the log buffer.
Step 4
Enter the filename for the log buffer, and then click OK.
Command Line Interface
This feature provides a text-based tool for sending commands to the adaptive security appliance and viewing the results.
The commands you can enter with the CLI tool depend on your user privileges. See the section, About Authorization for more information. Review your privilege level in the status bar at the bottom of the main ASDM application window to ensure that you have the required privileges to execute privileged-level CLI commands.
Note
Commands entered via the ASDM CLI tool might function differently from those entered through a terminal connection to the adaptive security appliance.
To use the CLI tool, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Command Line Interface.
The Command Line Interface dialog box appears.
Step 2
Choose the type of command (single line or multiple line) that you want, and then choose the command from the drop-down list, or type it in the field provided.
Step 3
Click Send to execute the command.
Step 4
To enter a new command, click Clear Response, and then choose (or type) another command to execute.
Step 5
Check the Enable context-sensitive help (?) check box to provide context-sensitive help for this feature. Uncheck this check box to disable the context-sensitive help.
Step 6
After you have closed the Command Line Interface dialog box, if you changed the configuration, click Refresh to view the changes in ASDM.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Command Errors
If an error occurs because you entered an incorrect command, the incorrect command is skipped and the remaining commands are processed. A message displays in the Response area to inform you whether any error occurred, as well as other related information.
Note
ASDM supports almost all CLI commands. See the Cisco Security Appliance Command Reference for a list of commands.
Interactive Commands
Interactive commands are not supported in the CLI tool. To use these commands in ASDM, use the noconfirm keyword if available, as shown in the following command:
crypto key generate rsa modulus 1024 noconfirm
Avoiding Conflicts with Other Administrators
Multiple administrative users can update the running configuration of the adaptive security appliance. Before using the ASDM CLI tool to make configuration changes, check for other active administrative sessions. If more than one user is configuring the adaptive security appliance at the same time, the most recent changes take effect.
To view other administrative sessions that are currently active on the same adaptive security appliance, choose Monitoring > Properties > Device Access.
Show Commands Ignored by ASDM on Device
This feature lets you show the list of commands that ASDM does not support. Typically, ASDM ignores them. ASDM does not change or remove these commands from your running configuration. See Unsupported Commands for more information.
To display the list of unsupported commands for ASDM, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Show Commands Ignored by ASDM on Device.
Step 2
Click OK when you are done.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Diagnostic Tools
ASDM provides a set of diagnostic tools to help you in troubleshooting problems. This section includes the following topics:
•
Packet Tracer
•
Ping
•
Traceroute
•
Administrator's Alert to Clientless SSL VPN Users
•
ASDM Java Console
•
Packet Capture Wizard
Packet Tracer
The packet tracer tool provides packet tracing for packet sniffing and network fault isolation, as well as detailed information about the packets and how they are processed by the adaptive security appliance. If a configuration command did not cause the packet to drop, the packet tracer tool will provide information about the cause in an easily readable manner. For example, if a packet was dropped because of an invalid header validation, the following message is displayed:
"packet dropped due to bad ip header (reason)."
In addition to capturing packets, you can trace the lifespan of a packet through the adaptive security appliance to see whether the packet is behaving as expected. The packet tracer tool lets you do the following:
•
Debug all packet drops in a production network.
•
Verify the configuration is working as intended.
•
Show all rules applicable to a packet, along with the CLI lines that caused the rule addition.
•
Show a time line of packet changes in a data path.
•
Trace packets in the data path.
To open the packet tracer, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Packet Tracer.
The Cisco ASDM Packet Tracer dialog box appears.
Step 2
Choose the source interface for the packet trace from the drop-down list.
Step 3
Specify the protocol type for the packet trace. Available protocol types are ICMP, IP, TCP, and UDP.
Step 4
Enter the source address for the packet trace in the Source IP Address field.
Step 5
Choose the source port for the packet trace from the drop-down list.
Step 6
Enter the destination IP address for the packet trace in the Destination IP Address field.
Step 7
Choose the destination port for the packet trace from the drop-down list.
Step 8
Click Start to trace the packet.
The Information Display Area shows detailed messages about the packet trace.
Note
To display a graphical representation of the packet trace, check the Show animation check box.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Ping
The Ping tool is useful for verifying the configuration and operation of the adaptive security appliance and surrounding communications links, as well as for testing other network devices.
A ping is sent to an IP address and it returns a reply. This process enables network devices to discover, identify, and test each other.
The Ping tool uses ICMP (as described in RFC-777 and RFC-792) to define an echo request and reply transaction between two network devices. The echo request packet is sent to the IP address of a network device. The receiving device reverses the source and destination address and sends the packet back as the echo reply.
To use the Ping tool, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Ping.
The Ping dialog box appears.
Step 2
Enter the destination IP address for the ICMP echo request packets in the IP Address field.
Note
If a hostname has been assigned in the Configuration > Firewall > Objects > IP Names pane, you can use the hostname in place of the IP address.
Step 3
(Optional) Choose the security appliance interface that transmits the echo request packets from the drop-down list. If it is not specified, the security appliance checks the routing table to find the destination address and uses the required interface.
Step 4
Click Ping to send an ICMP echo request packet from the specified or default interface to the specified IP address and start the response timer.
The response appears in the Ping Output area. Three attempts are made to ping the IP address, and results display the following fields:
•
The IP address of the device pinged or a device name, if available. The name of the device, if assigned in Hosts/Networks, may be displayed even if the result is NO response.
•
When the ping is transmitted, a millisecond timer starts with a specified maximum, or timeout value. This timer is useful for testing the relative response times of different routes or activity levels.
•
Example Ping output:
Sending 5, 100-byte ICMP Echos to out-pc, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
If the ping fails, the output is as follows:
Sending 5, 100-byte ICMP Echos to 10.132.80.101, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Step 5
To enter a new IP address, click Clear Screen to remove the previous response from the Ping output area.
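The two output shapes shown in Step 4 can be turned into structured results when saved Ping transcripts are reviewed later. The following Python is an added example, not Cisco or ASDM code; the function names and verdict labels are assumptions, and the third run in the sample (partial loss) is constructed.

```python
import re

# Patterns follow the header and result lines shown in the Ping section.
HEADER = re.compile(
    r"Sending (?P<count>\d+), (?P<size>\d+)-byte ICMP Echos to "
    r"(?P<target>\S+), timeout is (?P<timeout>\d+) seconds:"
)
RESULT = re.compile(
    r"Success rate is (?P<pct>\d+) percent \((?P<ok>\d+)/(?P<sent>\d+)\)"
    r"(?:, round-trip min/avg/max = (?P<min>\d+)/(?P<avg>\d+)/(?P<max>\d+) ms)?"
)

# First two runs are the examples from the page; the third is constructed.
SAMPLE = """\
Sending 5, 100-byte ICMP Echos to out-pc, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Sending 5, 100-byte ICMP Echos to 10.132.80.101, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Sending 5, 100-byte ICMP Echos to 192.0.2.10, timeout is 2 seconds:
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/12/40 ms
"""


def parse_ping(text):
    """Return one dict per ping run; lines that match neither pattern are skipped."""
    runs, current = [], None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            current = {
                "target": header["target"],
                "size_bytes": int(header["size"]),
                "timeout_s": int(header["timeout"]),
            }
            continue
        result = RESULT.search(line)
        if result and current is not None:
            current["received"] = int(result["ok"])
            current["sent"] = int(result["sent"])
            # A failed run has no round-trip figures, so the group is absent.
            current["rtt_ms"] = (
                tuple(int(result[k]) for k in ("min", "avg", "max"))
                if result["min"] is not None
                else None
            )
            runs.append(current)
            current = None
    return runs


def verdict(run):
    """Label a run (labels are this example's own, not ASDM terms)."""
    if run["received"] == run["sent"]:
        return "all replies"
    if run["received"] == 0:
        # No echo does not prove the target is down: the interface
        # configuration and the intermediate path still need checking.
        return "no replies"
    return "partial loss"


if __name__ == "__main__":
    for run in parse_ping(SAMPLE):
        print(run["target"], verdict(run), run["rtt_ms"])
```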
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Using the Ping Tool
Administrators can use the ASDM Ping interactive diagnostic tool in these ways:
•
Loopback testing of two interfaces—A ping may be initiated from one interface to another on the same security appliance, as an external loopback test to verify basic "up" status and operation of each interface.
•
Pinging to a security appliance—The Ping tool can ping an interface on another security appliance to verify that it is up and responding.
•
Pinging through a security appliance—Ping packets originating from the Ping tool may pass through an intermediate security appliance on their way to a device. The echo packets will also pass through two of its interfaces as they return. This procedure can be used to perform a basic test of the interfaces, operation, and response time of the intermediate unit.
•
Pinging to test questionable operation of a network device—A ping may be initiated from an adaptive security appliance interface to a network device that is suspected to be functioning incorrectly. If the interface is configured correctly and an echo is not received, there may be problems with the device.
•
Pinging to test intermediate communications—A ping may be initiated from an adaptive security appliance interface to a network device that is known to be functioning correctly and returning echo requests. If the echo is received, the correct operation of any intermediate devices and physical connectivity is confirmed.
Troubleshooting the Ping Tool
When pings fail to receive an echo, it may be the result of a configuration or operational error in an adaptive security appliance, and not necessarily because of no response from the IP address being pinged. Before using the Ping tool to ping from, to, or through an adaptive security appliance interface, perform the following basic checks:
•
Verify that interfaces are configured by choosing Configuration > Device Setup > Interfaces.
•
Verify that devices in the intermediate communications path, such as switches or routers, are correctly delivering other types of network traffic.
•
Make sure that traffic of other types from "known good" sources is being passed by choosing Monitoring > Interfaces > Interface Graphs.
Pinging from a Security Appliance Interface
For basic testing of an interface, you can initiate a ping from an adaptive security appliance interface to a network device that you know is functioning correctly and returning replies via the intermediate communications path. For basic testing, make sure you do the following:
•
Verify receipt of the ping from the adaptive security appliance interface by the "known good" device. If the ping is not received, a problem with the transmitting hardware or interface configuration may exist.
•
If the adaptive security appliance interface is configured correctly and it does not receive an echo reply from the "known good" device, problems with the interface hardware receiving function may exist. If a different interface with "known good" receiving capability can receive an echo after pinging the same "known good" device, the hardware receiving problem of the first interface is confirmed.
Pinging to a Security Appliance Interface
When you try to ping to an adaptive security appliance interface, verify that the pinging response (ICMP echo reply) is enabled for that interface by choosing Tools > Ping. When pinging is disabled, the adaptive security appliance cannot be detected by other devices or software applications, and will not respond to the ASDM Ping tool.
Pinging Through the Security Appliance
To verify that other types of network traffic from "known good" sources is being passed through the adaptive security appliance, choose Monitoring > Interfaces > Interface Graphs or an SNMP management station.
To enable internal hosts to ping external hosts, configure ICMP access correctly for both the inside and outside interfaces by choosing Configuration > Firewall > Objects > IP Names.
Traceroute
The Traceroute tool helps you to determine the route that packets will take to their destination. The tool prints the result of each probe sent. Every line of output corresponds to a TTL value in increasing order. The following table lists the output symbols printed by this tool.
Output Symbol | Description
* | No response was received for the probe within the timeout period.
nn msec | For each node, the round-trip time (in milliseconds) for the specified number of probes.
!N. | ICMP network unreachable.
!H | ICMP host unreachable.
!P | ICMP unreachable.
!A | ICMP administratively prohibited.
? | Unknown ICMP error.
To use the Traceroute tool, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Traceroute.
The Traceroute dialog box appears.
Step 2
Enter the name of the host to which the route is traced. If the hostname is specified, define it by choosing Configuration > Firewall > Objects > IP Names, or configure a DNS server to enable this tool to resolve the hostname to an IP address.
Step 3
Enter the amount of time in seconds to wait for a response before the connection times out. The default is three seconds.
Step 4
Type the destination port used by the UDP probe messages. The default is 33434.
Step 5
Enter the number of probes to be sent at each TTL level. The default is three.
Step 6
Specify the minimum and maximum TTL values for the first probes. The minimum default is one, but it can be set to a higher value to suppress the display of known hops. The maximum default is 30. The traceroute terminates when the packet reaches the destination or when the maximum value is reached.
Step 7
Check the Specify source interface or IP address check box. Choose the source interface or IP address for the packet trace from the drop-down list. This IP address must be the IP address of one of the interfaces. In transparent mode, it must be the management IP address of the adaptive security appliance.
Step 8
Check the Reverse Resolve check box to have the output display the names of hops encountered if name resolution is configured. Leave this check box unchecked to have the output display IP addresses.
Step 9
Check the Use ICMP check box to specify the use of ICMP probe packets instead of UDP probe packets.
Step 10
Click Trace Route to start the traceroute.
The Traceroute Output area displays detailed messages about the traceroute results.
Step 11
Click Clear Output to start a new traceroute.
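The output symbols listed in the table above can be applied to saved Traceroute output to find the first hop that stops answering normally. The following Python is an added example, not Cisco or ASDM code; the line layout (TTL, optional responder address, then one result per probe), the status labels and the sample transcript are assumptions constructed for illustration.

```python
# Symbol meanings are copied from the output symbol table in this section.
SYMBOLS = {
    "*": "No response was received for the probe within the timeout period",
    "!N": "ICMP network unreachable",
    "!H": "ICMP host unreachable",
    "!P": "ICMP unreachable",
    "!A": "ICMP administratively prohibited",
    "?": "Unknown ICMP error",
}

# Constructed sample; addresses come from documentation ranges.
SAMPLE = """\
Tracing the route to 203.0.113.50
 1  192.0.2.1 1 msec 1 msec 0 msec
 2  198.51.100.7 4 msec * 5 msec
 3  203.0.113.9 !A * !A
 4   *  *  *
"""


def parse_hop(line):
    """Parse one output line; return None for lines that do not start with a TTL."""
    tokens = line.split()
    if not tokens or not tokens[0].isdigit():
        return None
    hop = {"ttl": int(tokens[0]), "address": None, "rtts_ms": [], "symbols": []}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        # The table prints "!N." with a trailing period; accept both spellings.
        sym = tok.rstrip(".") if tok.startswith("!") else tok
        if tok.isdigit() and i + 1 < len(tokens) and tokens[i + 1] == "msec":
            hop["rtts_ms"].append(int(tok))
            i += 2
            continue
        if sym in SYMBOLS:
            hop["symbols"].append(sym)
        elif hop["address"] is None:
            hop["address"] = tok  # first unrecognised token is the responder
        i += 1
    return hop


def classify(hop):
    """Reduce a hop's probe results to one status label (labels are assumptions)."""
    symbols = set(hop["symbols"])
    if "!A" in symbols:
        return "filtered"       # a device on the path refused the probe
    if symbols & {"!N", "!H", "!P"}:
        return "unreachable"
    if "?" in symbols:
        return "error"
    if hop["rtts_ms"]:
        return "responded"      # at least one probe came back with a time
    return "silent"             # every probe timed out


def analyze(text):
    """Return (ttl, address, status) for every hop line in the transcript."""
    hops = (parse_hop(line) for line in text.splitlines())
    return [(h["ttl"], h["address"], classify(h)) for h in hops if h]


def first_stop(text):
    """Return the first hop whose status is not 'responded', or None."""
    for entry in analyze(text):
        if entry[2] != "responded":
            return entry
    return None


if __name__ == "__main__":
    for ttl, address, status in analyze(SAMPLE):
        print(ttl, address, status)
    print("first stop:", first_stop(SAMPLE))
```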
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Administrator's Alert to Clientless SSL VPN Users
This feature lets you send an alert message to clientless SSL VPN users (for example, about connection status).
To send an alert message, perform the following steps:
Step 1
In the main ASDM application window, choose Tools > Administrator's Alert Message to Clientless SSL VPN Users.
The Administrator's Alert Message to Clientless SSL VPN Users dialog box appears.
Step 2
Enter the new or edited alert content that you want to send, and then click Post Alert.
Step 3
To remove current alert content and enter new alert content, click Cancel Alert.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
ASDM Java Console
You can use the ASDM Java console to view and copy logged entries in a text format, which can help you troubleshoot ASDM errors. To access this tool, in the main ASDM application window, choose Tools > ASDM Java Console.
To show the virtual machine memory statistics, enter m in the console.
To perform garbage collection, enter g in the console.
To monitor memory usage, open the Windows Task Manager and double-click the asdm_launcher.exe file.
Note
The maximum memory allocation allowed is 256 MB.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Packet Capture Wizard
You can use the Packet Capture Wizard to configure and run captures for troubleshooting errors. The captures can use access lists to limit the type of traffic captured, the source and destination addresses and ports, and one or more interfaces. The wizard runs one capture on each of the ingress and egress interfaces. You can save the captures on your PC to examine them in a packet analyzer.
Note
This tool does not support clientless SSL VPN capture.
To configure and run captures, perform the following steps:
Step 1
In the main ASDM application window, choose Wizards > Packet Capture Wizard.
The Overview of Packet Capture screen appears, with a list of the tasks that the wizard will guide you through to complete.
Step 2
Click Next to display the Ingress Traffic Selector screen.
Step 3
Choose the ingress interface (inside or outside) from the drop-down list.
Step 4
Enter the source host IP address and choose the network IP address from the drop-down list.
Step 5
Choose the protocol from the drop-down list.
Step 6
Depending on the selected protocol, you also need to define both the source port services and destination port services. Choose one of the following options:
•
All Services
•
Service group, which you choose from the drop-down list
•
Service, which you choose according to a set of predefined parameters
Step 7
Click Next to display the Egress Traffic Selector screen.
Step 8
Choose the egress interface from the drop-down list.
Step 9
Enter the source host IP address and choose the network IP address from the drop-down list.
Note
The source port services and destination port services are read-only based on the choices you made in the Ingress Traffic Selector screen.
Step 10
Click Next to display the Buffers screen. The buffer size is the maximum amount of memory that the capture can use to store packets. The packet size is the longest packet that the capture can hold. We recommend that you use the longest packet size to capture as much information as possible.
Step 11
Enter the packet size. The valid size ranges from 14 - 1522 bytes.
Step 12
Enter the buffer size. The valid size ranges from 1534 - 33554432 bytes.
Step 13
Check the Use circular buffer check box to store captured packets.
Note
When you choose this setting, if all the buffer storage is used, the capture will start overwriting the oldest packets.
Step 14
Click Next to display the Summary screen, which shows the traffic selectors and buffer parameters that you have entered.
Step 15
Click Next to display the Run Capture screen, and then click Start to begin capturing packets. Click Stop to end the capture.
Step 16
Click Get Capture Buffer to determine how much buffer space you have remaining. Click Clear Buffer on Device to remove the current content and allow room in the buffer to capture more packets.
Step 17
Click Save captures to display the Save Capture dialog box. Select the format in which you want to include the captures: ASCII or PCAP. You have the option of saving either the ingress capture, the egress capture, or both.
Step 18
To save the ingress packet capture, click Save Ingress Capture to display the Save capture file dialog box. Specify the storage location on your PC, and click Save.
Step 19
To save the egress packet capture, click Save Egress Capture to display the Save capture file dialog box. Specify the storage location on your PC, and click Save.
Step 20
Click Close, and then click Finish to exit the wizard.
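The packet size and buffer size entered in Steps 11 through 13 decide which packets are still in the capture when it is saved. The following Python is an added example, not Cisco or ASDM code, that checks both values against the ranges given above and models what the buffer holds afterwards. It assumes each stored packet costs exactly its truncated length with no per-packet overhead, and that a non-circular buffer stops capturing once it is full; the function names and packet lengths are constructed.

```python
from collections import deque

PACKET_SIZE_RANGE = (14, 1522)         # bytes, valid range from Step 11
BUFFER_SIZE_RANGE = (1534, 33554432)   # bytes, valid range from Step 12


def validate(packet_size, buffer_size):
    """Return a list of range errors; an empty list means both values are valid."""
    errors = []
    if not PACKET_SIZE_RANGE[0] <= packet_size <= PACKET_SIZE_RANGE[1]:
        errors.append("packet size must be %d - %d bytes" % PACKET_SIZE_RANGE)
    if not BUFFER_SIZE_RANGE[0] <= buffer_size <= BUFFER_SIZE_RANGE[1]:
        errors.append("buffer size must be %d - %d bytes" % BUFFER_SIZE_RANGE)
    return errors


def simulate_capture(packet_lengths, packet_size, buffer_size, circular):
    """Model which packets remain in the buffer when the capture is saved.

    Returns a list of (index, stored_bytes, truncated) tuples, oldest first.
    Assumption: a stored packet costs min(length, packet_size) bytes.
    """
    errors = validate(packet_size, buffer_size)
    if errors:
        raise ValueError("; ".join(errors))
    kept = deque()
    used = 0
    for index, length in enumerate(packet_lengths):
        stored = min(length, packet_size)      # longer packets are cut short
        if used + stored > buffer_size:
            if not circular:
                break                          # assumed: capture stops when full
            # Circular buffer: overwrite the oldest packets until there is room.
            while kept and used + stored > buffer_size:
                _, old_bytes, _ = kept.popleft()
                used -= old_bytes
        kept.append((index, stored, length > stored))
        used += stored
    return list(kept)


def kept_indexes(result):
    """Convenience view: which original packet numbers survived."""
    return [index for index, _, _ in result]


if __name__ == "__main__":
    # Constructed traffic: three full-size packets, then two small ones.
    traffic = [1500, 1500, 1500, 60, 60]
    for circular in (False, True):
        result = simulate_capture(traffic, 1522, 3000, circular)
        print("circular" if circular else "linear", kept_indexes(result))
    # A small packet size keeps every packet but only its first 64 bytes.
    print(simulate_capture(traffic, 64, 3000, False))
```

With the linear buffer the start of the traffic is preserved and the end is lost; with the circular buffer the opposite holds, which matters when the event of interest occurred early in the capture.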
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | •
Field Information for the Packet Capture Wizard
This section includes the following topics:
•
Ingress Traffic Selector
•
Egress Traffic Selector
•
Buffers
•
Summary
•
Run Captures
•
Save Captures
Ingress Traffic Selector
The Ingress Traffic Selector dialog box lets you configure the ingress interface, source and destination hosts/networks, and the protocol for packet capture.
Fields
•
Ingress Interface—Specifies the ingress interface name.
•
Source Host/Network—Specifies the ingress source host and network.
•
Destination Host/Network—Specifies the ingress destination host and network.
•
Protocol—Specifies the protocol type to capture (ah, eigrp, esp, gre, icmp, icmp6, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, snp, tcp, or udp).
–
ICMP type—Specifies the ICMP type for ICMP protocol only (all, alternate address, conversion-error, echo, echo-reply, information-reply, information-request, mask-reply, mask-request, mobile-redirect, parameter-problem, redirect, router-advertisement, router-solicitation, source-quench, time-exceeded, timestamp-reply, timestamp-request, traceroute, or unreachable).
–
Source/Destination Port Services—Specifies source and destination port services for TCP and UDP protocols only.
All Services—Specifies all services.
Service Group—Specifies a service group.
Service—Specifies a service (aol, bgp, chargen, cifx, citrix-ica, ctiqbe, daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, hostname, http, https, ident, imap4, irc, kerberos, klogin, kshell, ldap, ldaps, login, lotusnotes, lpd, netbios-ssn, nntp, pcanywhere-data, pim-auto-rp, pop2, pop3, pptp, rsh, rtsp, sip, smtp, sqlnet, ssh, sunrpc, tacacs, talk, telnet, uucp, or whois).
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | —
Egress Traffic Selector
The Egress Traffic Selector dialog box lets you configure the egress interface, source and destination hosts/networks, and source and destination port services for packet capture.
Fields
•
Egress Interface—Specifies the egress interface name.
•
Source Host/Network—Specifies the egress source host and network.
•
Destination Host/Network—Specifies the egress destination host and network.
•
Protocol—Specifies the protocol type selected during the ingress configuration.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | —
Buffers
The Buffers dialog box lets you configure the packet size, buffer size, and whether to use the circular buffer for packet capture.
Fields
•
Packet Size—Specifies the longest packet that the capture can hold. Use the longest size available to capture as much information as possible.
•
Buffer Size—Specifies the maximum amount of memory that the capture can use to store packets.
•
Use circular buffer—Specifies whether to use the circular buffer to store packets. When the circular buffer has used all of the buffer storage, the capture will write over the oldest packets first.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System
• | • | • | • | —
Summary
The Summary dialog box shows the traffic selectors and the buffer parameters for the packet capture.
Fields
•
Traffic Selectors—Shows the capture and access list configuration specified in the previous steps.
•
Buffer Parameters—Shows the buffer parameters specified in the previous step.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
|
Security Context
|
Routed
|
Transparent
|
Single
|
Multiple
|
Context
|
System
|
•
|
•
|
|