This is the White Rhino Security blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, Palo Alto, and SonicWall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
I had to do some remote troubleshooting on an ASA that, according to the customer, was not allowing SIP traffic in on their new SIP services. In this scenario, CLI was the only option, and really, I'm just glad about that. Although, I do also like the GUI form of the packet capture that Cisco has in the ASDM. It's easy. Easier than CLI in this case, but I like CLI, so I'm OK with it. Here is the ACL I configured to capture traffic to their phone system's external IP:
CiscoASA# config t
CiscoASA(config)# access-list 188 permit ip any host 188.8.131.52
Now, let's enable the capture on the outside interface:
CiscoASA# capture capin interface outside access-list 188
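A narrower, bidirectional variant of the capture above, as an added example that is not from the original post. The ACL name cap_sip, the capture name capsip and the address 192.0.2.10 (a documentation placeholder standing in for the phone system's external IP) are assumptions, as is SIP signalling on port 5060.

```cisco
! Added example, not from the original post.
! 192.0.2.10 is a placeholder for the phone system's external IP.
! cap_sip and capsip are hypothetical names.
!
! Match SIP signalling only (assumed to be on port 5060), in both
! directions, so replies from the phone system show up in the capture
! as well as the inbound requests.
CiscoASA# config t
CiscoASA(config)# access-list cap_sip extended permit udp any host 192.0.2.10 eq 5060
CiscoASA(config)# access-list cap_sip extended permit udp host 192.0.2.10 eq 5060 any
CiscoASA(config)# access-list cap_sip extended permit tcp any host 192.0.2.10 eq 5060
CiscoASA(config)# access-list cap_sip extended permit tcp host 192.0.2.10 eq 5060 any
CiscoASA(config)# exit
!
! Bind the capture to the outside interface using that ACL.
CiscoASA# capture capsip interface outside access-list cap_sip
!
! Summary of all captures, then the packets in this one.
CiscoASA# show capture
CiscoASA# show capture capsip
!
! Remove the capture and its ACL when troubleshooting is finished,
! so no capture is left running on the firewall.
CiscoASA# no capture capsip
CiscoASA# config t
CiscoASA(config)# clear configure access-list cap_sip
```

A capture scoped this way will not show the ping or HTTP tests, and it will not show RTP media, only SIP signalling on port 5060.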
So now I run a ping to that 184.108.40.206 IP address. Then, I make the phone call to see if SIP traffic came to the ASA. Then, I HTTP'ed to the phone system. So, how many bytes are captured?