FANDOM


Embedded Packet Capture Edit

1. Configure a capture buffer

monitor capture buffer PACKET_CAP size 2048 max-size 4000 circular

2. Optionally apply ACLs to limit the traffic captured in the buffer you created

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#ip access-list ex PACKET_CAP_FILTER

R1(config-ext-nacl)#permit ip host 10.1.1.1 host 192.168.1.1

R1(config-ext-nacl)#permit ip host 192.168.1.1 host 10.1.1.1

R1(config-ext-nacl)#end



R1#monitor capture buffer PACKET_CAP filter access-list PACKET_CAP_FILTER

Filter Association succeeded

3. Set your capture points you can use IPv4 or IPv6 CEF for input and output, you can also name the capture point

R1# monitor capture point ip cef CAP_FA1/0 fastEthernet 1/0 both

R1#

*May 7 19:54:45.767: %BUFCAP-6-CREATE: Capture Point CAP_FA1/0 created.

4. Associate the capture point to the capture buffer

R1#monitor capture point associate CAP_FA1/0 PACKET_CAP

5. Enable the capture point to start the packet capture

R1#monitor capture point start CAP_FA1/0

R1#

*May 7 15:26:31.539: %BUFCAP-6-ENABLE: Capture Point CAP_FA0/0 enabled.

6. To stop the capture use the following command

R1#monitor capture point stop CAP_FA1/0

R1#

*May 7 15:28:55.363: %BUFCAP-6-DISABLE: Capture Point CAP_FA1/0 disabled.

R1#

Use the following commands to view capture specific information:

show monitor capture buffer all parameters

show monitor capture point all

show monitor capture buffer PACKET_CAP

show monitor capture buffer PACKET_CAP dump

To export the packet capture use the following syntax:

monitor capture buffer PACKET_CAP export tftp://1.1.1.2//Capture.pcap

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.