Packet capture on Cisco IOS

    • Define an ACL to describe the traffic to capture
    config t
    access-list 144 permit ip host host
    access-list 144 permit ip host host


    • Define a capture buffer (This is where the frames are stored once captured)
    monitor capture buffer holdpackets filter access-list 144


    • Define a capture point. This gives the user the ability to be more granular on what interface, switching path the frames are captured.
    monitor capture point ip cef icmptrace all both


    • Associate the capture point with the capture buffe.You can associate multiple points to the same buffer.
    monitor capture point associate icmptrace holdpackets


    • Start the capture
    monitor capture point start icmptrace


    • View the capture and/or export it to a PCAP file for offline analysis
    show monitor capture buffer holdpackets parameters
    monitor capture buffer holdpackets export tftp://


    • Stop the trace
    monitor capture point stop icmptrace


    • Delete the capture buffer
    no monitor capture buffer holdpackets


    No questions yet.