Downloading Captured Traffic
The PIX firewall saves packet capture buffers in PCAP format, which can be
downloaded and viewed with third-party software such as Ethereal or tcpdump.
The capture can be downloaded using either HTTPS or TFTP. To download the
file using HTTPS, access the appropriate URL on the PIX firewall. The syntax is
as follows:
https://pix_ip_address/capture/
For example:
https://192.168.1.1/capture/inside/pcap
This syntax downloads the packet capture to your browser in PCAP format.
Alternatively, you can download the file using TFTP. This is done using
the copy command on the PIX firewall. The syntax is as follows:
copy capture:
Without the pcap keyword, the ASCII packet headers will be copied. With the
pcap keyword, the binary file in PCAP format will be copied. For example:
PIX1# copy capture:inside-traffic tftp://192.168.99.99/pix-capture pcap
copying Capture to tftp://192.168.99.99/pix-capture:
In our example, we are copying the inside-traffic capture (in PCAP format) to
the TFTP server at 192.168.99.99 to the pix-capture filename. Once the file has
been copied, you can use any of the aforementioned software packages to open
and analyze the captured packets.
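Before opening a downloaded file in an analyzer, it is worth confirming that it really is the binary PCAP copy and not the ASCII header listing you get when the pcap keyword is omitted, and that the transfer was not cut short. The following check is an added example, not code from the book or from Cisco; it assumes the classic libpcap file layout (24-byte global header, 16-byte record headers), and the function names and sample bytes are constructed for illustration.

```python
import struct

# Classic libpcap magic bytes mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def inspect_capture(data: bytes) -> dict:
    """Classify a downloaded capture; if it is PCAP, walk every packet record."""
    order = PCAP_MAGICS.get(data[:4])
    if order is None:
        # No PCAP magic: probably the ASCII listing copied without the pcap keyword.
        return {"format": "not-pcap", "packets": 0, "truncated": False}
    if len(data) < 24:  # the global header is 24 bytes
        return {"format": "pcap", "packets": 0, "truncated": True}
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        header = data[offset:offset + 16]  # ts_sec, ts_frac, incl_len, orig_len
        if len(header) < 16:
            truncated = True
            break
        incl_len = struct.unpack(order + "IIII", header)[2]
        if offset + 16 + incl_len > len(data):
            truncated = True  # transfer ended in the middle of a packet
            break
        offset += 16 + incl_len
        packets += 1
    return {"format": "pcap", "version": (major, minor), "linktype": linktype,
            "snaplen": snaplen, "packets": packets, "truncated": truncated}

def build_sample_pcap() -> bytes:
    """Constructed two-packet capture with dummy payload bytes (little-endian)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in (b"\x00" * 60, b"\x11" * 42):
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    sample = build_sample_pcap()
    print(inspect_capture(sample))                      # complete binary capture
    print(inspect_capture(sample[:-10]))                # cut-short transfer
    print(inspect_capture(b"constructed ASCII text"))   # not a PCAP file
```

To check a real download, pass the file's bytes, for example `inspect_capture(open("pix-capture", "rb").read())`.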