Evil_TTL> show | s

Deep Packet Inspection on ASA


The deep packet inspection function is available on Cisco ASA and PIX firewalls.

There are three easy steps to configure it:

  1. Create an access list that matches the interesting traffic
  2. Create a named traffic capture instance that references the access list and the interface to capture on
  3. Show the contents of the traffic capture instance

Configuration:

access-list CAP-ACL extended permit ip host 10.120.130.45 any

capture CAP access-list CAP-ACL interface inside

show capture CAP

! <output omitted>

! clear the list of captured packets
clear capture CAP
! delete the traffic capture instance
no capture CAP
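The access list above matches only packets sourced from 10.120.130.45, so replies to that host are not captured. The following is an added example, not part of the original post, that captures both directions, bounds the capture buffer and exports the result as a pcap file; the buffer size, packet length and TFTP server address 192.0.2.10 are assumed placeholder values.

```cisco
! Added example: bidirectional capture for host 10.120.130.45.
! Buffer size, packet length and the TFTP server (192.0.2.10) are assumptions.

! Match traffic from the host and the return traffic to it
access-list CAP-ACL extended permit ip host 10.120.130.45 any
access-list CAP-ACL extended permit ip any host 10.120.130.45

! Capture on the inside interface with an explicit buffer (bytes)
! and a per-packet length limit (bytes)
capture CAP access-list CAP-ACL interface inside buffer 1048576 packet-length 1518

! List all capture instances and how many bytes each has stored
show capture

! Show the captured packets, first in summary form, then with extra header detail
show capture CAP
show capture CAP detail

! Export the buffer in pcap format for offline analysis
copy /pcap capture:CAP tftp://192.0.2.10/CAP.pcap

! Clean up: remove the capture instance and the access list
no capture CAP
clear configure access-list CAP-ACL
```

Captures are stored in the firewall's memory and contain full packet payloads, so remove the capture instance once the export is done and treat the pcap file as sensitive data.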

 

By privilege15