Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 9.0 for Email User Guide
 
Chapter 40: Testing and Troubleshooting
Working with Technical Support

Step 2  Specify packet capture settings:
  a. In the Packet Capture Settings section, click Edit Settings.
  b. (Optional) Enter duration, limits, and filters for the packet capture. Your Support representative may give you guidance on these settings.
     If you enter a capture duration without specifying a unit of time, AsyncOS uses seconds by default.
     In the Filters section:
     - Custom filters can use any syntax supported by the UNIX tcpdump command, such as host 10.10.10.10 && port 80.
     - The client IP is the IP address of the machine connecting to the appliance, such as a mail client sending messages through the Email Security appliance.
     - The server IP is the IP address of the machine to which the appliance is connecting, such as an Exchange server to which the appliance is delivering messages.
     - You can use the client and server IP addresses to track traffic between a specific client and a specific server, with the Email Security appliance in the middle.
  c. Click Submit.
Step 3  Click Start Capture.
  - Only one capture may be running at a time.
  - When a packet capture is running, the Packet Capture page shows the status of the capture in progress by showing the current statistics, such as file size and time elapsed.
  - The GUI only displays packet captures started in the GUI, not from the CLI. Similarly, the CLI only displays the status of a current packet capture run started in the CLI.
  - The packet capture file is split into ten parts. If the file reaches the maximum size limit before the packet capture ends, the oldest part of the file is deleted (the data is discarded) and a new part starts with the current packet capture data. Only 1/10 of the packet capture file is discarded at a time.
  - A running capture started in the GUI is preserved between sessions. (A running capture started in the CLI stops when the session ends.)
Step 4  Allow the capture to run for the specified duration, or, if you have let the capture run indefinitely, manually stop the capture by clicking Stop Capture.
Step 5  Access the packet capture file:
  - Click the file in the Manage Packet Capture Files list and click Download File.
  - Use FTP or SCP to access the file in the captures subdirectory on the appliance.
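
The Filters guidance in Step 2, as an added example that is not part of the Cisco guide: a Python helper that builds a tcpdump-syntax custom filter for tracking one client and one server through the appliance, validating addresses and ports before they reach the filter string. The function names, the sample addresses and the choice to OR the two hosts are assumptions of this example, not documented AsyncOS behaviour.

```python
import ipaddress

# Added example, not Cisco code. All names and sample addresses are assumptions.

def _host(addr):
    """Return a 'host <ip>' primitive for a literal IPv4/IPv6 address."""
    # ip_address() rejects hostnames, CIDR ranges and stray characters,
    # so nothing but a single address can reach the filter string.
    return f"host {ipaddress.ip_address(addr.strip())}"

def _ports(ports):
    """Return 'port N' or '(port A || port B)'; empty string if no ports."""
    terms = []
    for p in ports:
        if isinstance(p, bool) or not isinstance(p, int) or not 1 <= p <= 65535:
            raise ValueError(f"invalid port: {p!r}")
        terms.append(f"port {p}")
    if len(terms) > 1:
        return "(" + " || ".join(terms) + ")"
    return "".join(terms)

def build_filter(client_ip=None, server_ip=None, ports=()):
    """Build a tcpdump-syntax expression for the custom filter field.

    Matches packets to or from the client OR the server (the appliance sits
    between them, so each leg is a separate connection), optionally limited
    to the given ports.
    """
    hosts = [_host(a) for a in (client_ip, server_ip) if a]
    if len(hosts) == 2:
        host_expr = "(" + " || ".join(hosts) + ")"
    else:
        host_expr = "".join(hosts)
    parts = [e for e in (host_expr, _ports(ports)) if e]
    if not parts:
        # An empty tcpdump filter matches every packet; make that explicit.
        raise ValueError("refusing to build an empty filter")
    return " && ".join(parts)

if __name__ == "__main__":
    # Constructed sample: mail client 192.0.2.10, Exchange server 198.51.100.25.
    print(build_filter("192.0.2.10", "198.51.100.25", [25]))
```
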

What To Do Next
Make the file available to Support:
  - If you allow remote access to your appliance, technicians can access the packet capture files using FTP or SCP. See
  - Email the file to Support.