
A packet enters the ingress interface and it is handled by the chassis internal switch. In the case of a Firepower appliance (1xxx, 21xx, 41xx, 93xx) and a Firepower Threat Defense (FTD) application, packet processing can be visualized as shown in the image.

How to Collect and Export Captures on the NGFW Product Family?

The goal of this document is to help network and security engineers identify and troubleshoot common network issues based mainly on packet capture analysis. Daily, Cisco TAC solves many customer problems by analyzing captured data.


Packet capture is one of the most overlooked troubleshooting tools available today. If your network is live, ensure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment.

Know the appliance - You must know how your device handles packets, what are the involved interfaces (i.e.
If this is not possible you must at least know the upstream and downstream devices.
Know the topology - You must know the transit devices.
Know the protocol operation - It is vain to start checking a packet capture if you do not understand how the captured protocol operates.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

Additionally, before you start to analyze packet captures it is highly advisable to meet these requirements:

The document covers the packet captures from a Cisco Next-Generation Firewall (NGFW) point of view, but the same concepts are applicable to other device types as well. All the scenarios presented in this document are based on real user cases seen in the Cisco Technical Assistance Center (TAC). This document describes various packet capture analysis techniques that aim to effectively troubleshoot network issues.
