On a Cisco ASA you can configure capturing of data to allow for deeper troubleshooting of issues. With the recent issue of the Heartbleed bug, I needed a way to capture HTTPS traffic and inspect remote hosts for the vulnerability. If the site was vulnerable, I would create a temporary block until that site patched.

On the Cisco ASA I setup an access-list:

access-list heartbleed line 1 extended permit tcp any any eq https

I create a capture:

capture heartbleed access-list heartbleed interface inside

Then I can view the capture:

show capture heartbleed

Example output of the above command:

1025: 09:52:27.882385 10.147.204.104.55665 > 74.125.228.5.443: . ack 3734113485 win 64860
1026: 09:52:27.882858 192.168.1.104.55666 > 74.125.228.5.443: . ack 3798098736 win 64860
1027: 09:52:27.883239 192.168.1.104.55666 > 74.125.228.5.443: . ack 3798101496 win 64860
1028: 09:52:27.883438 192.168.1.104.55666 > 74.125.228.5.443: . ack 3798104256 win 64860

Alternatively, while the capture is enabled it is accessible via the web interface of the ASA.

https://192.168.1.1/admin/capture/heartbleed