Cisco Email Security Appliance X1050 Troubleshooting Guide

Packet Captures on AsyncOS Versions 6.x and Earlier
This section describes the packet capture process on AsyncOS Versions 6.x and earlier.
Start or Stop a Packet Capture
You can use the tcpdump command in order to capture TCP/IP and other packets that are transmitted or received
over a network to which the ESA is attached.
Complete these steps in order to start or stop a packet capture:
1. Enter the diagnostic > network > tcpdump command into the CLI of the ESA. Here is an example
output:
example.com> diagnostic
Choose the operation you want to perform:
- RAID - Disk Verify Utility.
- DISK_USAGE - Check Disk Usage.
- NETWORK - Network Utilities.
- REPORTING - Reporting Utilities.
- TRACKING - Tracking Utilities.
[]> network
Choose the operation you want to perform:
- FLUSH - Flush all network related caches.
- ARPSHOW - Show system ARP cache.
- SMTPPING - Test a remote SMTP server.
- TCPDUMP - Dump ethernet packets.
[]> tcpdump
- START - Start packet capture
- STOP - Stop packet capture
- STATUS - Status capture
- FILTER - Set packet capture filter
- INTERFACE - Set packet capture interface
- CLEAR - Remove previous packet captures
[]>
2. Set the interface (Data 1, Data 2, or Management) and the filter.
Note: The filter uses the same format as the Unix tcpdump command.
3. Select START in order to begin the capture and STOP in order to end it.
Note: Do not exit the tcpdump menu while the capture is in progress. You must use a second CLI
window in order to run any other commands. Once the capture process is complete, you must use
secure copy (SCP) or File Transfer Protocol (FTP) from your local desktop in order to download the
files from the directory named Diagnostic (refer to the Packet Capture Filters section for details).
The files use Packet Capture (PCAP) format and can be reviewed with a program such as Ethereal or
Wireshark.
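As an added example (not part of the Cisco document), the following Python code checks that a file downloaded from the Diagnostic directory is an intact PCAP and counts TCP packets per endpoint pair, which confirms that the capture filter matched the intended traffic. It assumes the classic PCAP layout with the Ethernet link type; the function names and the sample packet (documentation addresses, port 25) are constructed for illustration.

```python
import struct
from collections import Counter

def summarize_pcap(data: bytes) -> Counter:
    """Count TCP packets per (src, sport, dst, dport) in a classic Ethernet PCAP."""
    if len(data) < 24 or data[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic PCAP file (short header or bad magic)")
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}, expected Ethernet (1)")
    flows, offset = Counter(), 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            raise ValueError("truncated packet record (incomplete download?)")
        # Only IPv4 (EtherType 0x0800) carrying TCP (protocol 6) is counted.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        flows[(src, sport, dst, dport)] += 1
    return flows

def sample_pcap() -> bytes:
    """Constructed one-packet capture: 192.0.2.10:40000 -> 192.0.2.25:25."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 25]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 0, 0, 0x50, 0x02, 8192, 0, 0)
    frame = eth + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    for flow, count in summarize_pcap(sample_pcap()).items():
        print(flow, count)
```

To check a real download, pass the file contents instead of the sample, for example summarize_pcap(open(path, "rb").read()), where path is the local copy of the capture file.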
Packet Capture Filters
The Diagnostic > NET CLI command uses standard tcpdump filter syntax. This section provides information
about tcpdump capture filters along with some examples.