There is a problem with downloading pcap capture from Cisco ASA 5520 from https://<ip_of_asa>/admin/capture/<capture_name>/pcap – an empty file with size 24 bytes is downloaded while https://<ip_of_asa>/admin/capture/<capture_name> (without pcap in url) shows captured packets fine. The problem started when ASA memory usage was at high level. Now it is back to normal but capture download still fails. The capture was removed and a new one created – this didn't help. I've already faced this problem before and in that case it was resolved after ASA restart. In this case ASA reboot is not an option. Is there a way to resolve this issue without reboot?
Cisco ASA PCAP – Problem with Downloading PCAP Capture from Cisco ASA
cisco-asapcap
Best Answer
As a workaround, it looks like you can manually copy the capture via CLI to any of the normal destinations: https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/c4.html#wp2144072
This means you should also be able to SCP it off the ASA, if you can't push it to HTTP/FTP/TFTP via the copy command. Here's a good post on using SCP if you haven't before: https://thestupidengineer.wordpress.com/2015/04/01/scp-file-to-asa/
You can download Putty's SCP client if you don't have a 'Nix box to use.