Embedded Packet Capture

1. Configure a capture buffer

monitor capture buffer PACKET_CAP size 2048 max-size 4000 circular

2. Optionally apply ACLs to limit the traffic captured in the buffer you created

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#ip access-list ex PACKET_CAP_FILTER

R1(config-ext-nacl)#permit ip host host

R1(config-ext-nacl)#permit ip host host


R1#monitor capture buffer PACKET_CAP filter access-list PACKET_CAP_FILTER

Filter Association succeeded

3. Set your capture points. You can use IPv4 or IPv6 CEF for input and output, and you can also name the capture point

R1# monitor capture point ip cef CAP_FA1/0 fastEthernet 1/0 both


*May 7 19:54:45.767: %BUFCAP-6-CREATE: Capture Point CAP_FA1/0 created.

4. Associate the capture point to the capture buffer

R1#monitor capture point associate CAP_FA1/0 PACKET_CAP

5. Enable the capture point to start the packet capture

R1#monitor capture point start CAP_FA1/0


*May 7 15:26:31.539: %BUFCAP-6-ENABLE: Capture Point CAP_FA0/0 enabled.

6. To stop the capture, use the following command

R1#monitor capture point stop CAP_FA1/0


*May 7 15:28:55.363: %BUFCAP-6-DISABLE: Capture Point CAP_FA1/0 disabled.


Use the following commands to view capture specific information:

show monitor capture buffer all parameters

show monitor capture point all

show monitor capture buffer PACKET_CAP

show monitor capture buffer PACKET_CAP dump

To export the packet capture use the following syntax:

monitor capture buffer PACKET_CAP export tftp://
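
When the buffer cannot be exported, the text printed by show monitor capture buffer PACKET_CAP dump can be converted to a pcap file offline. The following Python is an added example, not part of the original page or of Cisco's tooling. It assumes each packet is printed as a timestamp header line followed by lines holding an address, up to four space-separated hex words and an ASCII column; the sample dump and the output file name are constructed.

```python
import re
import struct
from datetime import datetime, timezone

# Assumed header line: "HH:MM:SS.mmm ZONE Mon D YYYY : <switching path> : <in> <out>"
HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) \S+ (\w{3}) +(\d+) (\d{4}) : ")
# Assumed data line: address, one to four single-spaced hex words, then ASCII column
WORD = r"(?:[0-9A-Fa-f]{2}){1,4}"
DATA = re.compile(rf"^[0-9A-Fa-f]{{8}}:\s+({WORD}(?: {WORD}){{0,3}})")

# Constructed sample (not real router output): two ICMP echo requests
# between the documentation addresses 192.0.2.1 and 192.0.2.2.
SAMPLE = """\
15:26:35.123 UTC May 7 2013 : IPv4 LES CEF    : Fa1/0 None
0F5B1C90: 00005E00 53010000 5E005302 08004500  ..^.S...^.S...E.
0F5B1CA0: 001C0001 00004001 F6DCC000 0201C000  ......@.........
0F5B1CB0: 02020800 F7FD0001 0001               ..........
15:26:36.125 UTC May 7 2013 : IPv4 LES CEF    : Fa1/0 None
0F5B1D10: 00005E00 53010000 5E005302 08004500  ..^.S...^.S...E.
0F5B1D20: 001C0002 00004001 F6DBC000 0201C000  ......@.........
0F5B1D30: 02020800 F7FC0001 0002               ..........
"""

def parse_epc_dump(text):
    """Return [(seconds, microseconds, frame_bytes), ...] parsed from dump text."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            hms, mon, day, year = m.groups()
            dt = datetime.strptime(f"{mon} {day} {year} {hms}", "%b %d %Y %H:%M:%S.%f")
            dt = dt.replace(tzinfo=timezone.utc)  # zone name ignored, treated as UTC
            packets.append([int(dt.timestamp()), dt.microsecond, bytearray()])
            continue
        m = DATA.match(line.strip())
        if m and packets:  # hex lines before the first header are skipped
            packets[-1][2] += bytes.fromhex(m.group(1).replace(" ", ""))
    return [(sec, usec, bytes(data)) for sec, usec, data in packets if data]

def to_pcap(packets, linktype=1):
    """Serialize packets as a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, data in packets:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

if __name__ == "__main__":
    with open("PACKET_CAP.pcap", "wb") as fh:  # hypothetical output name
        fh.write(to_pcap(parse_epc_dump(SAMPLE)))
```
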
