Cisco ASA and PIX Firewall Handbook

10-2. Watching Data Pass Through a Firewall

Sometimes you might want to know what sort of traffic has passed through a firewall to reach a certain host. At other times, you might need to troubleshoot why traffic is not being forwarded through the firewall. In this case, you would want to verify that packets arrived on one firewall interface but did not go out another interface.

You can use two methods to watch or verify that packets have passed through a firewall:

Capture session— Packets passing through an interface and matching given conditions are captured in a buffer and can be displayed later.
Debug packet— Packets matching conditions defined in a debug command are reported as they pass through the firewall.

NOTE

Beginning with PIX 7.x, ...

Get Cisco ASA and PIX Firewall Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cisco ASA and PIX Firewall Handbook by Dave Hucaby

10-2. Watching Data Pass Through a Firewall

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly