How to use Wireshark to monitor the inside interface of a cisco ASA or PIX?
I've used wireshark to capture network data from a computer/server, but I've never used it to capture traffic on a firewall or router. Is it possible to use wireshark to capture network traffic on the inside interface of my firewall or router? Thanks.
ASKER
I actually have two separate networks on would like to gather stats on. One has a cisco ASA5510, the outside interface of the ASA Connects to a cisco 3640 Router, and the inside interface of the ASA connects to a cisco 3550 switch. The second network has a Pix 506E, the outside interface goes to a cisco 2621 Router, and the inside interface goes to a cisco 2950 switch. Can you show me an example of port mirroring? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. Ok, so let me get this straight. This inside interface of the Pix connects to a cisco 3550 switch. All ports on this switch are in VLAN 1. So would I be correct in adding the below configurations to my switch: Would doing to capture traffic from all of VLAN1? Thanks.
c3550(config)#monitor session 1 source vlan1
c3550(config)#monitor session 1 destination interface fastethernet 0/48 (I would connect my laptop with wireshark to this port.)
c3550(config)#monitor session 1 source vlan1
c3550(config)#monitor session 1 destination interface fastethernet 0/48 (I would connect my laptop with wireshark to this port.)
ASKER
Thanks
If you have managed switch you may try to make port mirroring on it. Try to mirror your CISCO port and grab traffic from there. By the way, what model do you have? What switch they are connected to?