Packet capture on Cisco IOS.


  • Define an ACL to describe the traffic to capture
config t
access-list 144 permit ip host 10.10.10.1 host 10.10.20.2
access-list 144 permit ip host 10.10.20.2 host 10.10.10.1
end

 

  • Define a capture buffer (This is where the frames are stored once captured)
monitor capture buffer holdpackets filter access-list 144

 

  • Define a capture point. This lets you be more granular about which interface and switching path the frames are captured on.
monitor capture point ip cef icmptrace all both

 

  • Associate the capture point with the capture buffer. You can associate multiple points with the same buffer.
monitor capture point associate icmptrace holdpackets

 

  • Start the capture
monitor capture point start icmptrace

 

  • View the capture and/or export it to a PCAP file for offline analysis
show monitor capture buffer holdpackets parameters
monitor capture buffer holdpackets export tftp://192.168.5.40/captureut.pcap

 

  • Stop the trace
monitor capture point stop icmptrace

 

  • Delete the capture buffer
no monitor capture buffer holdpackets
2014-11-11 20:26 Roy Kidder
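
For the offline-analysis step, an added example (not part of the original entry) that reads the exported PCAP and confirms every frame matches one of the two host pairs in access-list 144. It assumes a classic libpcap file with an Ethernet or raw-IP link type; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

ACL_144 = {("10.10.10.1", "10.10.20.2"), ("10.10.20.2", "10.10.10.1")}  # from access-list 144

def read_pcap(data):
    """Yield (linktype, frame) for every record in a classic libpcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        yield linktype, data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len

def ipv4_pair(linktype, frame):
    """Return (src, dst) as strings, or None when the frame is not IPv4."""
    if linktype == 1:                      # Ethernet: skip the 14-byte header
        if frame[12:14] != b"\x08\x00":
            return None
        frame = frame[14:]
    elif linktype != 101:                  # 101 = raw IP (assumed alternative)
        raise ValueError(f"unsupported linktype {linktype}")
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    return socket.inet_ntoa(frame[12:16]), socket.inet_ntoa(frame[16:20])

def check_capture(data, acl=ACL_144):
    """Count frames per permitted pair and collect pairs the ACL does not list."""
    matched, unexpected = Counter(), []
    for linktype, frame in read_pcap(data):
        pair = ipv4_pair(linktype, frame)
        if pair in acl:
            matched[pair] += 1
        else:
            unexpected.append(pair)
    return matched, unexpected

def sample_pcap(pairs):
    """Build a constructed raw-IP pcap holding one bare IPv4 header per pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for src, dst in pairs:
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        out += struct.pack("<IIII", 0, 0, len(hdr), len(hdr)) + hdr
    return out
```

To check a real export, pass the file's bytes to `check_capture`; a non-empty `unexpected` list means the buffer holds traffic outside the filter.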