On a Cisco ASA you can configure capturing of data to allow for deeper troubleshooting of issues. With the recent issue of the Heartbleed bug, I needed a way to capture HTTPS traffic and inspect remote hosts for the vulnerability. If the site was vulnerable, I would create a temporary block until that site patched.

On the Cisco ASA I setup an access-list:

access-list heartbleed line 1 extended permit tcp any any eq https

I create a capture:

capture heartbleed access-list heartbleed interface inside

Then I can view the capture:

show capture heartbleed

Example output of the above command:

1025: 09:52:27.882385 > . ack 3734113485 win 64860
1026: 09:52:27.882858 > . ack 3798098736 win 64860
1027: 09:52:27.883239 > . ack 3798101496 win 64860
1028: 09:52:27.883438 > . ack 3798104256 win 64860

Alternatively, while the capture is enabled it is accessible via the web interface of the ASA.