Friday, March 30, 2007

Cisco PIX Firewall capture command

Ok, so most of us know about packet sniffers like tcpdump and Wireshark. These two are the best open source sniffers freely available in the market today. But most of us also know that the majority of companies now use switches rather than the good old hub, because of the bad architecture of how a hub works. To sniff all traffic from a switch you would need to perform ARP spoofing, but to sniff traffic from a hub, you just install your sniffer on your machine and start sniffing from the network. I guess for Cisco switches, you can try enabling Cisco Dynamic ARP Inspection to defeat ARP spoofing. Personally, I have not tried that, but you can read more about it here: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00804357b1.html

My point today is not about ARP spoofing; instead, I would love to talk about the capture command on the PIX firewall. This command functions almost like a sniffer: you can choose to sniff all the traffic that traverses the firewall. You can also filter based on IP addresses and port numbers. Moreover, the command can be used for troubleshooting when you set up multiple servers or networks. Personally, I tried it 2 years back when I was configuring a firewall, and there is no question that it is very good to have a sniffer-like command in the firewall. I shan't go deep into the details of how to use or configure this command, because a simple yet detailed article has been published. Let me know what you guys think.

http://www.computernetworkinghelp.com/content/view/40/1/
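A typical capture session for the filtering and troubleshooting use described above, added here as an example and not taken from the original post or the linked article. It assumes PIX OS 6.x syntax; all addresses, ACL names and capture names are constructed.

```cisco
! Constructed addresses: inside host 10.1.1.10 (translated to 203.0.113.10
! on the outside), remote web server 198.51.100.20, TFTP server 10.1.1.50.
configure terminal
! Match both directions, otherwise only half of the conversation is captured.
access-list cap_in permit tcp host 10.1.1.10 host 198.51.100.20 eq 80
access-list cap_in permit tcp host 198.51.100.20 eq 80 host 10.1.1.10
! The outside interface sees the translated address, so it needs its own ACL.
access-list cap_out permit tcp host 203.0.113.10 host 198.51.100.20 eq 80
access-list cap_out permit tcp host 198.51.100.20 eq 80 host 203.0.113.10
exit
! One capture per interface: a packet present in web_in but missing from
! web_out was dropped (or never translated) by the firewall itself.
capture web_in access-list cap_in interface inside packet-length 1518
capture web_out access-list cap_out interface outside packet-length 1518
! Reproduce the problem, then inspect the buffers on the console.
show capture
show capture web_in
show capture web_out detail
! Export in pcap format for Wireshark or tcpdump.
! (PIX 7.x and later use: copy /pcap capture:web_in tftp://...)
copy capture:web_in tftp://10.1.1.50/web_in.pcap pcap
copy capture:web_out tftp://10.1.1.50/web_out.pcap pcap
! Remove the captures and their ACLs when finished so the buffers are freed.
no capture web_in
no capture web_out
configure terminal
no access-list cap_in
no access-list cap_out
exit
```

The capture buffer and the exported pcap contain full payloads, and TFTP transfers them unauthenticated and in cleartext, so keep the ACL narrow and send the file only across a trusted management segment.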

12 comments:

Anonymous said...

The feature is also available on the FWSM and NAM. Very handy, with the web interface you can download the capture and use wireshark to view it.

Anonymous said...

id, I am so glad that you gave me comments. You are right, it runs on FWSM and NAM too. Instead of the web interface, you can also use TFTP to copy the pcap file and use Wireshark to view it.

hackathology

Red Mile said...

You are a smart man. The fact that you got all these certs. Man, I wish I had one of them. Get more!!!
