Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 40: Testing and Troubleshooting
Working with Technical Support
Running a Packet Capture
Packet Capture allows support personnel to see the TCP/IP data and other packets going into and out of 
the appliance. This allows Support to debug the network setup and to discover what network traffic is 
reaching the appliance or leaving the appliance. 
Procedure 
Step 1  Choose Help and Support > Packet Capture.
Step 2  Specify packet capture settings:
  a. In the Packet Capture Settings section, click Edit Settings.
  b. (Optional) Enter duration, limits, and filters for the packet capture.
     Your Support representative may give you guidance on these settings.
     If you enter a capture duration without specifying a unit of time, AsyncOS uses seconds by default.
     In the Filters section:
     - Custom filters can use any syntax supported by the UNIX tcpdump command, such as host 10.10.10.10 && port 80.
     - The client IP is the IP address of the machine connecting to the appliance, such as a mail client sending messages through the Email Security appliance.
     - The server IP is the IP address of the machine to which the appliance is connecting, such as an Exchange server to which the appliance is delivering messages.
     - You can use the client and server IP addresses to track traffic between a specific client and a specific server, with the Email Security appliance in the middle.
  c. Click Submit.
Step 3  Click Start Capture.
  - Only one capture may be running at a time.
  - When a packet capture is running, the Packet Capture page shows the status of the capture in progress by showing the current statistics, such as file size and time elapsed.
  - The GUI only displays packet captures started in the GUI, not from the CLI. Similarly, the CLI only displays the status of a current packet capture run started in the CLI.
  - The packet capture file is split into ten parts. If the file reaches the maximum size limit before the packet capture ends, the oldest part of the file is deleted (the data is discarded) and a new part starts with the current packet capture data. Only 1/10 of the packet capture file is discarded at a time.
  - A running capture started in the GUI is preserved between sessions. (A running capture started in the CLI stops when the session ends.)
Step 4  Allow the capture to run for the specified duration, or, if you have let the capture run indefinitely, manually stop the capture by clicking Stop Capture.
Step 5  Access the packet capture file:
  - Click the file in the Manage Packet Capture Files list and click Download File.
  - Use FTP or SCP to access the file in the captures subdirectory on the appliance.
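The ten-part rotation described in Step 3 decides how much of a long-running capture is still in the file you download. The Python model below is an added example, not Cisco code: it assumes each of the ten parts holds one tenth of the maximum file size (the guide states only that one tenth is discarded at a time), and the traffic in it is constructed.

```python
from collections import deque

PARTS = 10  # the guide: the capture file is split into ten parts


def simulate_capture(packets, max_bytes):
    """Model the rotation for packets given as (timestamp_s, size_bytes).

    Assumption (not stated in the guide): each part holds max_bytes / 10.
    Returns (parts still on disk, bytes discarded).
    """
    part_limit = max_bytes // PARTS
    parts = deque([[]])
    part_size = 0
    discarded = 0
    for ts, size in packets:
        # Current part is full: open a new one, dropping the oldest if needed.
        if parts[-1] and part_size + size > part_limit:
            if len(parts) == PARTS:
                discarded += sum(s for _, s in parts.popleft())
            parts.append([])
            part_size = 0
        parts[-1].append((ts, size))
        part_size += size
    return list(parts), discarded


def retained_window(parts):
    """Earliest and latest packet timestamps that survive in the file."""
    stamps = [ts for part in parts for ts, _ in part]
    return (stamps[0], stamps[-1]) if stamps else None


if __name__ == "__main__":
    # Constructed traffic: one 1000-byte packet per second for 300 seconds,
    # captured with a 100,000-byte maximum file size.
    traffic = [(t, 1000) for t in range(300)]
    parts, lost = simulate_capture(traffic, 100_000)
    print("parts on disk:", len(parts))
    print("retained window (s):", retained_window(parts))
    print("bytes discarded:", lost)
```

In this model, anything that happened in the first 200 seconds is no longer in the downloaded file, so the size limit, duration and filter should be chosen so that the traffic of interest is not rotated out before the capture is stopped.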