- show running-config (sh run) --> Displays the entire configuration of the device
- show int ip brief --> Displays Interfaces, IP details and their status
- show interface stats or detail (sh int) --> Displays detailed information for each interface
- show log --> Displays the syslog information
- show nameif --> Displays interfaces, names (inside, outside, VLAN, etc.) and their security levels (inside 100, outside 0, dmz 60, etc.)
- show ip address --> Displays interfaces, names, IP address and subnet mask
- show version (sh ver) --> Displays ASA software version, Device Manager version, system image, uptime, hardware details, interface MAC addresses, licensed features, serial number
- show flash --> Flash is actually the storage of image files, conf files, binary files, logs, etc.
- show boot --> Displays the BOOT variable and the order of the currently configured BOOT variables
- show failover --> If failover is on, the output tells whether this unit serves as primary or standby, which interface acts as the failover interface, timer details, device version, mate version, monitored interfaces and stateful details
- show access-list (ACL name) --> Displays the configured ACL with line numbers and the hit count for each line
- show run access-group --> Displays the name of the ACL that has been bound to each interface
- show run global --> Shows how many global (network interface) (nat_id) IPs have been configured on the device (PAT IPs)
- show run nat --> Shows how many nat (network interface) (nat_id) entries have been configured
- show run static --> Shows how many static NATs have been configured on the device
- show conn --> Displays the connections in use and most used, with detailed information on protocol, interface, IP, idle_time, bytes and connection flags
- show arp --> Shows the ARP address list: IP address and MAC address, with the interface through which each was learned
- show xlate --> Displays the local IP and its NATed IP, ports and flags (global, PAT global, etc.)
- show xlate detail --> Displays the NAT and PAT information and the flow of traffic in both directions in detail
- show route --> Displays the routing information
- show clock --> Displays the system time and date
- show cpu --> Displays CPU utilization for 5 seconds, 1 minute and 5 minutes
- show isakmp sa or show crypto isakmp sa (with detail) --> Displays IKE runtime SA database (with additional information)
- show run crypto isakmp --> Displays the complete ISAKMP configuration
- show run crypto ipsec --> Displays the complete IPSec configuration
- show run object-group id (object-group name) --> Displays objects that are inside the group (works only in ASA)
- show run object-group --> Displays the total object-groups available in the firewall
- show object-group id (object-group name) --> Displays objects that are inside the group (works only in PIX)
- show names --> Displays the names and what they have been mapped to
- show crypto isakmp sa | i (peer ip) --> Displays the IKE peer ip if phase-1 is up
- show crypto ipsec sa peer (peer ip) --> Displays the IPSec information for the peer ip if phase-2 is up
- show run crypto map --> Displays all configuration for all crypto maps
- clear crypto isakmp sa --> Clears the IKE runtime SA database for all the peers
- clear crypto isakmp sa (peer ip) --> Clears the IKE runtime SA database for that particular peer ip
- clear crypto ipsec sa --> Clears the IPSEC runtime SA database for all the peers
- clear crypto ipsec sa peer (peer ip) --> Clears the IPSEC runtime SA database for that particular peer ip
- show vpn-sessiondb l2l --> Provides detailed information about the tunnel, such as when the tunnel was established, duration, bytes Tx, bytes Rx, etc.
ITSMYGALAXY# sh int ip brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         1.1.1.1         YES CONFIG up                    up
GigabitEthernet0/1         2.2.2.2         YES CONFIG up                    up
GigabitEthernet0/2         3.3.3.3         YES unset  up                    up
GigabitEthernet0/3         unassigned      YES unset  administratively down down
Management0/0              unassigned      YES unset  administratively down down
STEP-1
Creating an access-list named "cap-in" for the inside interface (if your requirement needs more access-lists, you can add them)
access-list cap-in line 1 permit icmp host 184.154.88.26 host 65.60.45.190
STEP-2
Creating a capture named "mycap-in" and binding the above created access list to it.
capture mycap-in access-list cap-in interface inside
STEP-3
To see the captured packets
show capture mycap-in access-list cap-in (or) sh cap mycap-in
Note: If you want to use the same ACL created in STEP-1 to capture packets on the outside interface as well, create one more capture in STEP-2 named "mycap-out" and bind it to outside.
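The three steps and the note above as one session, extended to capture both directions of the ping and to remove the captures afterwards (an added example, not from the original post; the second ACE and the cleanup commands are additions, and "mycap-out" is the name suggested in the note). If NAT translates either address between inside and outside, the outside capture needs an ACL written with the translated addresses, so the shared ACL here assumes no translation.

```cisco
! STEP-1: match the ICMP request (from the post) ...
access-list cap-in line 1 permit icmp host 184.154.88.26 host 65.60.45.190
! ... and, as an addition, the reply travelling the other way.
! Without this line only one direction of the ping is captured.
access-list cap-in line 2 permit icmp host 65.60.45.190 host 184.154.88.26

! STEP-2: one capture per interface, both bound to the same ACL
capture mycap-in access-list cap-in interface inside
capture mycap-out access-list cap-in interface outside

! STEP-3: list the captures, then view the packets seen on each interface.
! A packet present in mycap-in but missing from mycap-out (or the reverse)
! was dropped or translated inside the firewall.
show capture
show capture mycap-in
show capture mycap-out

! Cleanup (addition): captures keep using buffer memory until removed
no capture mycap-in
no capture mycap-out
! Removes the whole capture ACL (ASA 7.x and later syntax)
clear configure access-list cap-in
```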