Re: Showing PIX traffic


comp.security.firewalls archive

From: Jon Doe <jdoe@comcast.net>
Date: Tue Feb 28 2006 - 02:29:25 CET

"Walter Roberson" <roberson@hushmail.com> wrote in message
news:uHwMf.75981$B94.36134@pd7tw3no...
> In article <OvudnQkdz9BbCJ_ZRVn-rg@comcast.com>,
> Jon Doe <jdoe@comcast.net> wrote:
>>I've had situations where I'm troubleshooting the PIX firewall in terms of
>>someone trying to connect from the outside. The problem I have is, I don't
>>know of an easy command on the PIX that could tell me the source of a
>>certain connection and if the connection is allowed or denied.
>
> There isn't one.
>
>
>>I know I can use "show access-list" to show hit counts, but what's a
>>command I can type to show a destination address (on my side), who's
>>trying to hit it (from the outside), and if the traffic was allowed or
>>denied without leaving the console?
>
> There isn't one. But you can get 2/3 of that by using 'capture'
> with an appropriate ACL.
>
>

Thanks for your reply.... I did use 'capture' and at least I could see
packets, but I guess there's no way to see whether it was allowed or denied.
Received on Mon May 1 00:53:34 2006
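
The 'capture' with an ACL approach discussed in this thread, written out as an added example that is not part of the original posts. The address 192.0.2.10 is a placeholder for the address of the protected host as it appears on the outside interface, and the names cap_acl and cap_out are hypothetical.

```cisco
! Lines starting with "!" are annotations for the reader, not commands to type.
! 192.0.2.10 is a placeholder address; cap_acl and cap_out are hypothetical names.
!
! ACL that selects the packets of interest, in both directions,
! so replies from the host are captured along with inbound attempts.
access-list cap_acl permit ip any host 192.0.2.10
access-list cap_acl permit ip host 192.0.2.10 any
!
! Bind a capture to the outside interface, filtered by that ACL.
capture cap_out access-list cap_acl interface outside
!
! Read the capture buffer from the console: one line per packet,
! with source and destination address and port.
show capture cap_out
!
! Remove the capture when finished so it stops consuming buffer memory.
no capture cap_out
```

The output lists who sent what to the destination, but carries no permit or deny verdict, which is the missing third described in the thread.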