Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
15-3
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 15 Troubleshooting
Packet Capture
Sometimes when you contact Cisco IronPort Customer Support with a Security Management appliance
issue, you may be asked to provide insight into the network activity going into and out of the Security
Management appliance. The Security Management appliance provides the ability to intercept and
display TCP/IP and other packets being transmitted or received over the network to which the appliance
is attached.
issue, you may be asked to provide insight into the network activity going into and out of the Security
Management appliance. The Security Management appliance provides the ability to intercept and
display TCP/IP and other packets being transmitted or received over the network to which the appliance
is attached.
You might want to run a packet capture to debug the network setup and to discover what network traffic
is reaching the appliance or leaving the appliance.
is reaching the appliance or leaving the appliance.
The appliance saves the captured packet activity to a file and stores the file locally. You can configure
the maximum packet capture file size, how long to run the packet capture, and on which network
interface to run the capture. You can also use a filter to limit the packet capture to traffic through a
specific port or traffic from a specific client or server IP address.
the maximum packet capture file size, how long to run the packet capture, and on which network
interface to run the capture. You can also use a filter to limit the packet capture to traffic through a
specific port or traffic from a specific client or server IP address.
The Help and Support > Packet Capture page on the Security Management appliance displays the list
of complete packet capture files stored on the hard drive. When the packet capture process is running,
the Packet Capture page shows the status of the capture in progress by showing the current statistics,
such as file size and time elapsed.
of complete packet capture files stored on the hard drive. When the packet capture process is running,
the Packet Capture page shows the status of the capture in progress by showing the current statistics,
such as file size and time elapsed.
You can download a packet capture file using the Download File button and forward it in an email to
Cisco IronPort Customer Support for debugging and troubleshooting purposes. You can also delete a
packet capture file by selecting one or more files, and clicking Delete Selected Files.
Cisco IronPort Customer Support for debugging and troubleshooting purposes. You can also delete a
packet capture file by selecting one or more files, and clicking Delete Selected Files.
Note
In the CLI, use the packetcapture command. This command is similar to the tcpdump command in
UNIX.
UNIX.
Starting a Packet Capture
There are two ways to start a packet capture:
•
•
Starting a Packet Capture from the Command Line Prompt
To start a packet capture, type packetcapture > start command from the command line prompt. If you
need to stop a running packet capture, run the packetcapture > stop command. The appliance stops the
packet capture when the session ends.
need to stop a running packet capture, run the packetcapture > stop command. The appliance stops the
packet capture when the session ends.
Starting a Packet Capture from the GUI
Procedure
Step 1
On the Security Management appliance, choose Help and Support > Packet Capture.
Step 2
Select Start Capture.