Assume I have an ASA 5510 with a very basic setup.

int e0/0 is the outside interface that is connected to the internet.
int e0/1 is the inside interface.

Now, a computer from the inside network browses the internet.

Question 1: When I run a packet capture on this, is the inside interface the INGRESS interface and the outside interface the EGRESS interface?

Question 2: If I want to see the return traffic coming back to from, would I still look at the ingress capture? It looks like when you run a packet capture and specify an interface for ingress, it automatically shows outbound and inbound traffic on that interface. Is that correct?
Jimmy Larsson, CISSP, CEH (Network and Security consultant) commented:
1) Yes. Ingress means inbound. Since the packet is coming IN TO the firewall from the inside interface, that is the ingress. The packet is going OUT FROM the outside interface, therefore it is the egress (outbound) interface.

2) When you capture packets on an interface, you see ALL packets, both ingress packets (packets entering the firewall on that interface) AND egress packets (packets leaving the firewall).

Best regards
Question has a verified solution.
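
The capture discussed in the answer above, shown as ASA CLI commands. This is an added example, not part of the original thread. It assumes e0/1 and e0/0 carry the `nameif` names `inside` and `outside`; the capture names and both IP addresses are constructed for illustration.

```cisco
! Constructed values: 192.168.1.10 is the inside host,
! 203.0.113.5 is the address it is translated to on the outside
! (assumption: the ASA performs NAT/PAT for this host).

! One capture per interface. The "match" keyword matches the flow in
! both directions, so each capture holds the packets entering the
! firewall on that interface and the packets leaving through it.
capture capin interface inside match ip host 192.168.1.10 any
capture capout interface outside match ip host 203.0.113.5 any

! Generate traffic from the inside host, then read both buffers.
! capin  : requests arriving from the host (ingress) and replies
!          being sent back to it (egress), with the real address.
! capout : the same flow after translation, requests leaving
!          (egress) and replies arriving from the internet (ingress).
show capture capin
show capture capout

! Remove the captures when finished so the buffers are freed.
no capture capin
no capture capout
```

If requests appear in `capin` but nothing appears in `capout`, the packet was dropped or not translated inside the firewall rather than lost on the return path.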
