Thursday, November 4, 2010

Exporting Packet Captures - Multi-Context FWSMs

I came across an interesting scenario today that was worth sharing. I'm in charge of a multi-context Cisco FWSM (firewall services module). Today, while troubleshooting an issue I ran a packet capture to analyze the problem which is normally one of the first things I do.

I realized I had done this capture on a context which did not have a management IP address (don't ask). Not having any way to directly route to the context meant that my usual method of downloading the capture in *.pcap format wouldn't work via a browser, so what to do?

After some searching around, I discovered that you could simply use TFTP through the FWSM's system context to obtain the file...problem solved!

FWSM# copy /pcap capture:examplecontext/in-cap tftp:

FWSM# copy /pcap capture:public/skid-capture.pcap tftp:
Source capture name [public/skid-capture]?
Address or name of remote host []?
Destination filename [skid-capture.pcap]?
111 packets copied in 1.200 secs (111 bytes/sec)

No comments:

Post a Comment