Packet capture on Cisco IOS

    • Define an ACL to describe the traffic to capture
    config t
    access-list 144 permit ip host 10.10.10.1 host 10.10.20.2
    access-list 144 permit ip host 10.10.20.2 host 10.10.10.1
    end

     

    • Define a capture buffer (This is where the frames are stored once captured)
    monitor capture buffer holdpackets filter access-list 144

     

    • Define a capture point. This lets you specify the interface and the switching path on which frames are captured.
    monitor capture point ip cef icmptrace all both

     

    • Associate the capture point with the capture buffer. You can associate multiple points to the same buffer.
    monitor capture point associate icmptrace holdpackets

     

    • Start the capture
    monitor capture point start icmptrace

     

    • View the capture and/or export it to a PCAP file for offline analysis
    show monitor capture buffer holdpackets parameters
    monitor capture buffer holdpackets export tftp://192.168.5.40/captureut.pcap

     

    • Stop the trace
    monitor capture point stop icmptrace

     

    • Delete the capture buffer
    no monitor capture buffer holdpackets
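
An added example, not part of the original page: a Python check for the exported PCAP that confirms every captured frame belongs to the two host pairs in access-list 144 before offline analysis. It assumes a classic libpcap file with Ethernet link type; the function names are illustrative, and `sample_pcap()` builds a constructed capture so the script runs offline.

```python
import io
import struct
from ipaddress import IPv4Address

# Host pairs permitted by access-list 144 on the page (both directions).
ACL_144 = {("10.10.10.1", "10.10.20.2"), ("10.10.20.2", "10.10.10.1")}

def read_pcap(stream):
    """Yield (linktype, frame_bytes) for each record in a classic pcap stream."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    while len(rec := stream.read(16)) == 16:
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return  # truncated final record
        yield linktype, frame

def ipv4_pair(linktype, frame):
    """Return (src, dst) for an IPv4 packet in an Ethernet frame, else None."""
    # Assumption: the export uses link type 1 (Ethernet) with untagged IPv4.
    if linktype != 1 or len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))

def audit_capture(stream, permitted=ACL_144):
    """Count frames inside the filter and list the (src, dst) pairs outside it."""
    matched, outside = 0, []
    for linktype, frame in read_pcap(stream):
        pair = ipv4_pair(linktype, frame)
        if pair in permitted:
            matched += 1
        else:
            outside.append(pair)
    return matched, outside

def sample_pcap():
    """Constructed capture: two frames inside the filter, one outside it."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in [*sorted(ACL_144), ("10.10.10.1", "10.10.30.3")]:
        ip = b"\x45\x00\x00\x14" + bytes(8) + IPv4Address(src).packed + IPv4Address(dst).packed
        frame = bytes(12) + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)

if __name__ == "__main__":
    print(audit_capture(sample_pcap()))
```

To check a real export, pass `open(path, "rb")` to `audit_capture`; a non-empty second value means the buffer holds frames outside the intended filter.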

     
