Cisco Email Security Appliance X1050 Troubleshooting Guide

ESA Packet Capture Procedures
Document ID: 117797
Contributed by Jackie Fleming and Robert Sherwin, Cisco TAC Engineers.
Jun 11, 2014
Contents
Introduction
Prerequisites
     Requirements
     Components Used
Background Information
Packet Captures on AsyncOS Versions 7.x and Later
     Start or Stop a Packet Capture
     Packet Capture Functionality
Packet Captures on AsyncOS Versions 6.x and Earlier
     Start or Stop a Packet Capture
     Packet Capture Filters
Introduction
This document describes how to perform packet captures on the Cisco Email Security Appliance (ESA).
Prerequisites
Requirements
Cisco recommends that you have knowledge of the Cisco ESA.
Components Used
The information in this document is based on the Cisco ESA that runs any version of AsyncOS.
Background Information
When you contact IronPort Customer Support with an issue, you might be asked to provide insight into the
outbound and inbound network activity of the ESA. The appliance provides the ability to intercept and display
TCP, IP, and other packets that are transmitted or received over the network to which the appliance is
attached. You might want to run a packet capture in order to debug the network setup and in order to verify
the network traffic that reaches or leaves the appliance.
Note: This document references software that is not maintained or supported by IronPort. The information is
provided as a courtesy for your convenience. For further assistance, please contact the software vendor.
The previously used tcpdump CLI command is replaced with the new packetcapture command in
AsyncOS Versions 7.0 and later. This command offers functionality similar to the
tcpdump command, and it is also available in the GUI.