7 users online | 7 Guests and 0 Registered

Packet capture on Cisco IOS.

  • Define an ACL to describe the traffic to capture
config t
access-list 144 permit ip host host
access-list 144 permit ip host host


  • Define a capture buffer (This is where the frames are stored once captured)
monitor capture buffer holdpackets filter access-list 144


  • Define a capture point. This gives the user the ability to be more granular on what interface, switching path the frames are captured.
monitor capture point ip cef icmptrace all both


  • Associate the capture point with the capture buffe.You can associate multiple points to the same buffer.
monitor capture point associate icmptrace holdpackets


  • Start the capture
monitor capture point start icmptrace


  • View the capture and/or export it to a PCAP file for offline analysis
show monitor capture buffer holdpackets parameters
monitor capture buffer holdpackets export tftp://


  • Stop the trace
monitor capture point stop icmptrace


  • Delete the capture buffer
no monitor capture buffer holdpackets
2014-11-11 20:26 Roy Kidder {writeRevision}
Average rating: 0 (0 Votes)

You cannot comment on this entry

Chuck Norris has counted to infinity. Twice.