How to Capture traffic on a Cisco ASA with No Config Changes

Problem: You need to capture traffic between 1.1.1.1 and 2.2.2.2

In previous version of ASA/PIX code (7.2 and below) you had to go into config mode add a bi-directional access-list and then apply the packet capture. As of 7.2.1 you no longer have to do that and it makes creating captures a lot quicker and no configuration changes are made to the firewall since no access-list are created.

Command Format:
capture [CAP_NAME] interface [INT_NAME] match ip host x.x.x.x host x.x.x.x
Example: 

capture jcap interface inside match ip host 1.1.1.1 host 2.2.2.2

And while this rule looks like it would only capture traffic if sources from 1.1.1.1 it is actually automatically bidirectional so will capture traffic if it sources from either address.

To see and manage your captures issue the following command:

show capture - This will list all fo the captures running on the ASA/PIX
show capture [CAP_NAME] - this will show the actually packets captured in the captures

clear capture [CAP_NAME] - this will clear the captures for one capture

no cap [CAP_NAME] - this will completely remove and stop the capture

There are many more options such as ports and protocols you can find those in the reference guide here:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/c1.html#wp2129312

##############################

Here are some more captures I regularly use:

Change the capture to gather whole subnets:
Example: 

capture jcap interface inside match ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

If you need to see all the the traffic to and from one address you could make a capture like this:
Example: 

capture jcap interface inside match ip host 1.1.1.1 any

Capture ARP request and replies with the following:
Example: 

capture arpcap interface inside ethernet-type arp