Cisco PIX Packet Capture

Just for the record. They are old, they are good, but they are end of life and we don’t use them any more.

How to do packet captures on a Cisco PIX:

1) clear the captures

[sourcecode]
no capture capin
no capture capout
[/sourcecode]

2) clear and create the acl

[sourcecode]
conf t
no access-list capacl
access-list capacl line 1 permit ip host 1.1.1.1 host 3.3.3.3
access-list capacl line 2 permit ip host 2.2.2.2 host 3.3.3.3
access-list capacl line 3 permit ip host 3.3.3.3 host 1.1.1.1
access-list capacl line 4 permit ip host 3.3.3.3 host 2.2.2.2
exit
[/sourcecode]

3) create the captures

[sourcecode]
capture capin access-list capacl buffer 20000 packet-length 1500 interface inside
capture capout access-list capacl buffer 20000 packet-length 1500 interface outside
[/sourcecode]

4) show the captures, view the captured packets, and copy a capture to a TFTP server as pcap

[sourcecode]
show capture
capture capin access-list capacl buffer 20000 packet-length 1500 interface inside
capture capout access-list capacl buffer 20000 packet-length 1500 interface outside
[/sourcecode]

[sourcecode]
show capture capin
2 packets captured
15:47:38.523639 SomeH.35955 > OtherH.80: S 4088672547:4088672547(0) win 5840
15:47:41.524005 SomeH.35955 > OtherH.80: S 4088672547:4088672547(0) win 5840
2 packets shown
[/sourcecode]

[sourcecode]
copy capture:capin tftp://myhost/capin.pcap pcap
copying Capture to tftp://myhost/capin.pcap:
[/sourcecode]
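
The `show capture capin` output above shows the same SYN (identical sequence number) sent twice, three seconds apart, with no SYN-ACK in between. The following Python sketch is an added example, not part of the original post: it parses that text format for `capin` and `capout` and reports where each handshake stalls. The function names and the empty `capout` sample are constructed, and it assumes no NAT/PAT between inside and outside, so hosts and ports look the same in both captures.

```python
import re

# Constructed samples in the "show capture" text format shown above.
CAPIN = """2 packets captured
15:47:38.523639 SomeH.35955 > OtherH.80: S 4088672547:4088672547(0) win 5840
15:47:41.524005 SomeH.35955 > OtherH.80: S 4088672547:4088672547(0) win 5840
2 packets shown
"""
CAPOUT = "0 packets captured\n0 packets shown\n"  # constructed: nothing seen on outside

PKT = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+)\.(\d+) > (\S+)\.(\d+): (\S+) (.*)$")

def parse(text):
    """Return TCP packets as dicts; the 'N packets captured/shown' lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, flags, rest = m.groups()
        pkts.append({"ts": ts, "src": (src, int(sport)), "dst": (dst, int(dport)),
                     "syn": "S" in flags, "ack": " ack " in f" {rest} "})
    return pkts

def handshakes(pkts):
    """Map (client, server) -> [syn_count, synack_seen] for each connection attempt."""
    flows = {}
    for p in pkts:
        if p["syn"] and not p["ack"]:      # SYN from the client
            flows.setdefault((p["src"], p["dst"]), [0, False])[0] += 1
        elif p["syn"] and p["ack"]:        # SYN-ACK from the server, reverse direction
            flows.setdefault((p["dst"], p["src"]), [0, False])[1] = True
    return flows

def diagnose(capin_text, capout_text):
    """Say where each handshake seen on the inside interface stalls."""
    # Assumption: no NAT/PAT, so a flow has the same key in both captures.
    inside, outside = handshakes(parse(capin_text)), handshakes(parse(capout_text))
    report = {}
    for flow, (syns, answered) in inside.items():
        if answered:
            report[flow] = "handshake answered"
        elif flow not in outside:
            report[flow] = f"{syns} SYN(s) on inside, none on outside: dropped or not routed by the PIX"
        elif not outside[flow][1]:
            report[flow] = f"{syns} SYN(s) left outside, no SYN-ACK returned"
        else:
            report[flow] = "SYN-ACK reached outside but not inside"
    return report
```

Paste the text of `show capture capin` and `show capture capout` into `diagnose()` to see whether a connection fails before, at, or beyond the firewall.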
