Pages

7/12/2015

Packet Capture From Cisco Router


7K

ethanalyzer local interface inband limit-captured-frames 20000 autostop duration 120 write bootflash:capture.pcap

IOS-XE Router


monitor capture CAP int Gi0/0/1 both
monitor capture CAP match ipv4 any any
monitor capture CAP start
show monitor capture CAP buffer brief
monitor capture CAP stop
monitor capture CAP export ftp://10.1.10.27/CAP.pcap
no monitor capture CAP

IOS Router

  1. create access-list for packet filter
  2. access-list 1 permit 10.100.1.45
  3. create buffer
  4. monitor capture buffer holdpackets
  5. filter buffer
  6. monitor capture buffer holdpackets filter access-list 1
  7. create capture point
  8. monitor capture point ip cef mytrace all both
  9. associate capture point with buffer
  10. monitor capture point associate mytrace holdpackets
  11. start capture
  12. monitor capture point start mytrace
    • Look at progress
    show monitor capture buffer all parameters
    • See list of capture points
    show monitor capture point all
  13. Stop the capture
  14. monitor capture point stop mytrace
  15. Export buffer as PCAP
  16. monitor capture buffer holdpackets export tftp://10.1.10.27/mytrace.pcap
  17. Remove buffer
  18. no monitor capture buffer holdpackets
  19. Remove capture point
  20. no monitor capture point ip cef mytrace all both