Wireshark-users: Re: [Wireshark-users] Cisco FWSM Capture Dump

Date: Mon, 10 Aug 2009 12:56:21 -0400

Robert,
Maybe I am misunderstanding you, but I have done many captures on our
FWSMs.  After you let the capture run for a bit and grab the packets you
need, you can just open a web browser to the interface on the context you
are capturing from.  For example:

https://10.x.x.x/capture/CONTEXT_NAME/CAPTURE_NAME/pcap

You can download the pcap file of the capture from here.

Give that a try.

Let me know if that works for you.
Nick

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Robert D. Scott
Sent: Monday, August 10, 2009 11:44 AM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] Cisco FWSM Capture Dump

These commands are NOT available in individual contexts.  Only in the
sys context, and there is no IP on a sys context to get the file off the
FWSM, and requires root access to the FWSM. Of course the Cisco docs are
lacking in this regard.  In this firewall configuration the only access
to sys is via a session command, or to change con sys from an ssh
session. We do not permit admins access to sys.

My original question is still valid.

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joerg Mayer
Sent: Monday, August 10, 2009 11:22 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Cisco FWSM Capture Dump

Me: 
> I looked at:
> Catalyst 6500 Series and Cisco 7600
> Series Switch Firewall Services Module
> Command Reference, 4.0

You:
> dcpopl3-fwsm-1/cns/act# copy capture disk0: ?
> ERROR: % Unrecognized command
> dcpopl3-fwsm-1/cns/act# copy capture disk0:c1 ?
> ERROR: % Unrecognized command
> dcpopl3-fwsm-1/cns/act# copy capture disk0:c1
>                                      ^
> ERROR: % Invalid input detected at '^' marker.
> dcpopl3-fwsm-1/cns/act# sho ver
> 
> FWSM Firewall Version 4.0(2) <context>
> 
> Compiled on Tue 29-Jul-08 15:50 by fwsmbld 
> 
> I only wish it worked like the ACE and ASA. :(
> 
> Robert D. Scott                 Robert@xxxxxxx
> Senior Network Engineer         352-273-0113 Phone

Please read the documentation I mentioned in the mail, I did that for a
purpose. To save you the work of copying the text into google, here's
the link to that document:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/command/reference/fwsm_ref.pdf
Then go to page 436 (8-34).

Btw, the ASA isn't that much different in this regard.

Ciao
      Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

