Summary Window

I forgot to mention that you can filter based on organization, country, source port/address etc. This allows you to look for particular patterns. Also there is a window for the allow as well as the deny. I used the new summary window to capture some interesting malware that was going outbound. Someone asked me if I could trigger packet capture. I think I can, but the PIX/ASA commands aren't complicated; here they are, just substitute your source and destination IP for the ones detailed in the details window on SOI:

access-list CAPTURE1 extended permit ip host <source-ip> host <destination-ip>
capture CAPTURING access-list CAPTURE1 interface <interface-name>

copy /pcap capture:CAPTURING tftp://<tftp-server>/<filename>.pcap

This should copy it to your TFTP server, where you can start detailed analysis on the packets in Wireshark or whatever you use to view pcap files.
If anyone knows of a good tcl script to do this, please contact me.
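As an added example (not the poster's own code or script), the following Python helper generates the same ASA/PIX command sequence from a source/destination pair taken out of the details window, so an analyst does not have to hand-type it each time. It goes slightly beyond the post: it validates both addresses before anything is pasted into the firewall, adds the reverse-direction ACE so the reply traffic is captured too, and emits the teardown commands (no capture / clear the ACL) so a finished investigation does not leave a capture running and filling the buffer. The ACL and capture names come from the post; the interface name, TFTP URL and sample IP addresses below are constructed placeholders. It assumes the ACL is used only by the capture and is not bound to an interface with access-group.

```python
import ipaddress
from typing import Dict, List


def build_asa_capture_commands(src_ip: str, dst_ip: str, interface: str,
                               tftp_url: str, acl: str = "CAPTURE1",
                               capture: str = "CAPTURING") -> Dict[str, List[str]]:
    """Return the ASA/PIX CLI lines that set up, export and tear down a
    host-to-host packet capture.

    The result is a dict with three lists: "setup", "export" and "teardown".
    Both directions of the conversation are matched (two ACEs), so the
    server's replies to the outbound malware traffic are captured as well.
    """
    # Validate early: a typo here would silently capture nothing.
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("source and destination must be the same IP version")
    if not tftp_url.startswith("tftp://"):
        raise ValueError("export destination must be a tftp:// URL")
    if not interface:
        raise ValueError("interface name is required")

    setup = [
        f"access-list {acl} extended permit ip host {src} host {dst}",
        f"access-list {acl} extended permit ip host {dst} host {src}",
        f"capture {capture} access-list {acl} interface {interface}",
    ]
    export = [
        f"copy /pcap capture:{capture} {tftp_url}",
    ]
    # Stop the capture and remove the ACL once the pcap is safely off-box.
    teardown = [
        f"no capture {capture}",
        f"clear configure access-list {acl}",
    ]
    return {"setup": setup, "export": export, "teardown": teardown}


def render(commands: Dict[str, List[str]]) -> str:
    """Render the three phases as one paste-ready block with comment headers."""
    out = []
    for phase in ("setup", "export", "teardown"):
        out.append(f"! --- {phase} ---")
        out.extend(commands[phase])
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample values: a workstation talking to an external host.
    cmds = build_asa_capture_commands(
        src_ip="10.0.5.23",
        dst_ip="203.0.113.17",
        interface="inside",
        tftp_url="tftp://10.0.9.5/case-0001-host23.pcap",
    )
    print(render(cmds))
```

Run the setup block first, let the capture fill while the suspect host is active, then run the export line and finally the teardown block; the `!` comment lines are ignored by the ASA parser if pasted along with the commands.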