Downloading Captured Traffic

The PIX firewall saves packet capture buffers in PCAP format, which can be downloaded and viewed with third-party software such as Ethereal or tcpdump. The capture can be downloaded using either HTTPS or TFTP. To download the file using HTTPS, access the appropriate URL on the PIX firewall. The syntax is as follows:

https://pix_ip_address/capture//pcap

www.syngress.com

Figure 10.24 Continued

Troubleshooting and Performance Monitoring • Chapter 10 601

For example:

https://192.168.1.1/capture/inside/pcap

This syntax downloads the packet capture to your client in PCAP format. Alternatively, you can download the file using TFTP. This is done using the copy command on the PIX firewall. The syntax is as follows:

copy capture: tftp:/// [pcap]

Without the pcap keyword, the ASCII packet headers will be copied. With the pcap keyword, the binary file in PCAP format will be copied. For example:

PIX1# copy capture:inside-traffic tftp://192.168.99.99/pix-capture pcap
copying Capture to tftp://192.168.99.99/pix-capture:

In our example, we are copying the inside-traffic capture (in PCAP format) to the TFTP server at 192.168.99.99 to the pix-capture filename. Once the file has been copied, you can use any of the above software packages to open and analyze the captured packets.
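A quick way to confirm that a downloaded file is the binary PCAP form rather than the ASCII header copy, and that the transfer was not cut short, is to read the PCAP global header and walk the packet records. This is an added example, not code from the original text; the function names and the sample bytes are constructed for illustration.

```python
import struct

# libpcap magic numbers: microsecond and nanosecond timestamp variants.
MAGICS = (0xA1B2C3D4, 0xA1B23C4D)

def inspect_capture(data: bytes) -> dict:
    """Classify a downloaded capture file; if it is PCAP, walk its records."""
    endian = None
    if len(data) >= 24:
        for candidate in ("<", ">"):
            if struct.unpack(candidate + "I", data[:4])[0] in MAGICS:
                endian = candidate
    if endian is None:
        # No PCAP global header: printable bytes suggest the ASCII form.
        printable = bool(data) and all(32 <= b < 127 or b in (9, 10, 13) for b in data[:64])
        return {"format": "ascii" if printable else "unknown"}
    _, major, minor, _, _, _, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):          # incomplete 16-byte record header
            truncated = True
            break
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        offset += 16 + incl_len
        if offset > len(data):               # record body runs past end of file
            truncated = True
            break
        packets += 1
    return {"format": "pcap", "byte_order": "little" if endian == "<" else "big",
            "version": f"{major}.{minor}", "linktype": linktype,
            "packets": packets, "truncated": truncated}

def build_sample_pcap(payloads):
    """Constructed sample: little-endian PCAP 2.4, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(payload), len(payload)) + payload
    return out

SAMPLE_PCAP = build_sample_pcap([b"\x00" * 60, b"\x00" * 42])
SAMPLE_ASCII = b"constructed placeholder text, not real PIX output\n"

if __name__ == "__main__":
    print(inspect_capture(SAMPLE_PCAP))
    print(inspect_capture(SAMPLE_PCAP[:-10]))
    print(inspect_capture(SAMPLE_ASCII))
```

To check a real download, pass the file's bytes, for example `inspect_capture(open("pix-capture", "rb").read())`.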