On a Cisco ASA you can configure packet captures to allow for deeper troubleshooting of issues. With the recent Heartbleed bug, I needed a way to capture HTTPS traffic and inspect remote hosts for the vulnerability. If the site was vulnerable, I would create a temporary block until that site was patched.
On the Cisco ASA I set up an access list:
access-list heartbleed line 1 extended permit tcp any any eq https
I create a capture:
capture heartbleed access-list heartbleed interface inside
Then I can view the capture:
show capture heartbleed
Example output of the above command:
1025: 09:52:27.882385 10.147.204.104.55665 > 126.96.36.199.443: . ack 3734113485 win 64860
1026: 09:52:27.882858 192.168.1.104.55666 > 188.8.131.52.443: . ack 3798098736 win 64860
1027: 09:52:27.883239 192.168.1.104.55666 > 184.108.40.206.443: . ack 3798101496 win 64860
1028: 09:52:27.883438 192.168.1.104.55666 > 220.127.116.11.443: . ack 3798104256 win 64860
Alternatively, while the capture is enabled it is accessible via the web interface of the ASA.
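To turn the capture output into a list of remote HTTPS servers to check, the text can be parsed offline. The script below is an added example, not part of the original post: it assumes the line format shown above, the sample addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the `show capture` format shown above.
# Addresses come from documentation ranges, not from the original post.
SAMPLE = """\
1025: 09:52:27.882385 192.168.1.104.55665 > 203.0.113.10.443: . ack 3734113485 win 64860
1026: 09:52:27.882858 192.168.1.104.55666 > 198.51.100.7.443: . ack 3798098736 win 64860
1027: 09:52:27.883239 192.168.1.104.55666 > 198.51.100.7.443: . ack 3798101496 win 64860
1028: 09:52:27.883438 192.168.1.104.55666 > 198.51.100.7.443: . ack 3798104256 win 64860
4 packets shown
"""

# The ASA prints "address.port", so the last dotted field is the port.
LINE_RE = re.compile(
    r"^\s*\d+:\s+\d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)


def parse_capture(text):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each IPv4 packet line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # trailer such as "4 packets shown", or an unknown line
        try:
            src = ipaddress.IPv4Address(m["src"])
            dst = ipaddress.IPv4Address(m["dst"])
        except ipaddress.AddressValueError:
            continue  # octet out of range: not a usable address
        yield str(src), int(m["sport"]), str(dst), int(m["dport"])


def https_servers(text, port=443):
    """Return [(dst_ip, packet_count)] for the given port, busiest first."""
    counts = Counter(
        dst for _, _, dst, dport in parse_capture(text) if dport == port
    )
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for ip, packets in https_servers(SAMPLE):
        print(f"{ip}\t{packets}")
```

Because the access list matches only destination port 443, every captured line is client-to-server traffic, so the destination column is the set of servers to inspect.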