Difference between revisions of "Packet Capture in Cisco IOS"
From Teknologisk videncenter
m (added Category:Wireshark using HotCat) |
(4 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
permit ip 10.0.0.0 0.0.0.255 host 10.1.1.1 | permit ip 10.0.0.0 0.0.0.255 host 10.1.1.1 | ||
!<notice>A buffer must be defined and bounded to the previos defined ACL:</notice> | !<notice>A buffer must be defined and bounded to the previos defined ACL:</notice> | ||
− | monitor capture buffer BUFFER size | + | monitor capture buffer BUFFER size 10000 max-size 1500 circular |
monitor capture buffer BUFFER filter access-list Monitored-Host | monitor capture buffer BUFFER filter access-list Monitored-Host | ||
!<notice>The next step requires to define which interfaces must be monitoed and where store data:</notice> | !<notice>The next step requires to define which interfaces must be monitoed and where store data:</notice> | ||
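Review bot: The new `monitor capture buffer BUFFER size 10000 max-size 1500 circular` line adds three settings, but the notice above it still only says that a buffer must be defined and bound to the ACL. With `circular`, the oldest packets are overwritten once the buffer fills, and `max-size` caps how much of each packet is stored, so a reader relying on the capture later needs to know both. Suggest extending the notice to say what `size`, `max-size` and `circular` mean and in which units the two numbers are given.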
Line 16: | Line 16: | ||
</source> | </source> | ||
=Links= | =Links= | ||
+ | *[http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/15_1/nm_15_1_book/nm_packet_capture.html#wp1054249 Cisco EPC - Embedded Packet Capture] | ||
+ | *[http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html Cisco Packet Capture] | ||
+ | *[http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/wireshrk.pdf Cisco - Configuring Wireshark] | ||
+ | *[http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/fm/FabricManager/tsfab.html#wp998792 Cisco Remote Capture daemon] | ||
*[http://www.routereflector.com/2013/05/embedded-packet-capture-tcpdump-on-cisco-ios-routers/ Packet Capture on Cisco IOS] | *[http://www.routereflector.com/2013/05/embedded-packet-capture-tcpdump-on-cisco-ios-routers/ Packet Capture on Cisco IOS] | ||
*[http://howdoesinternetwork.com/2013/packet-capture-in-cisco-ios Packet Capture on Cisco IOS] | *[http://howdoesinternetwork.com/2013/packet-capture-in-cisco-ios Packet Capture on Cisco IOS] |
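Review bot: Two of the four added links are platform-specific going by their URLs (`catalyst4500` for "Cisco - Configuring Wireshark", `nexus5000` Fabric Manager for "Cisco Remote Capture daemon"), while the page title and its commands are about Cisco IOS. Suggest naming the platform in each link title, or listing them under a separate heading, so readers do not assume the `monitor capture` commands shown here apply there. The two existing entries below also share the identical title "Packet Capture on Cisco IOS"; distinguishing them by site name would help.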
Latest revision as of 07:02, 20 August 2014
!<notice>An ACL must be defined to match interesting traffic only:</notice>
ip access-list extended Monitored-Host
permit ip 10.0.0.0 0.0.0.255 host 10.1.1.1
!<notice>A buffer must be defined and bound to the previously defined ACL:</notice>
monitor capture buffer BUFFER size 10000 max-size 1500 circular
monitor capture buffer BUFFER filter access-list Monitored-Host
!<notice>The next step is to define which interfaces must be monitored and where the data is stored:</notice>
monitor capture point ip cef CAPTURE FastEthernet0/0 both
monitor capture point associate CAPTURE BUFFER
!<notice>Finally, the capture must be started, and stopped when it is no longer needed:</notice>
monitor capture point start CAPTURE
monitor capture point stop CAPTURE
!<notice>At this point the buffer can be exported to an external system:</notice>
monitor capture buffer BUFFER export ftp://ftp.example.com/CAPTURER.pcap
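
The filter ACL in this procedure has a single entry, so it is worth checking which direction of a conversation it actually matches before trusting the capture. The following is an added example, not part of the original page: it evaluates the entry with standard IOS extended-ACL rules (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end) against constructed flows. The mirrored entry in `BIDIRECTIONAL_ACL`, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def _addr(tokens):
    """Consume one ACL address: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>' into (action, src, dst)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported ACL entry: {line!r}")
    src, rest = _addr(tokens[2:])
    dst, rest = _addr(rest)
    if rest:
        raise ValueError(f"unexpected trailing tokens in: {line!r}")
    return tokens[0], src, dst

def _matches(spec, address):
    """Wildcard match: only bits that are 0 in the wildcard are compared."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (base & care)

def captured(acl_lines, src, dst):
    """True if the packet is permitted by the filter ACL (first match wins)."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _matches(s, src) and _matches(d, dst):
            return action == "permit"
    return False  # implicit deny: packet is not placed in the buffer

# The ACL exactly as configured on this page.
PAGE_ACL = ["permit ip 10.0.0.0 0.0.0.255 host 10.1.1.1"]
# Assumption: a mirrored entry added so replies are matched as well.
BIDIRECTIONAL_ACL = PAGE_ACL + ["permit ip host 10.1.1.1 10.0.0.0 0.0.0.255"]

# Constructed sample flows (source, destination).
REQUEST = ("10.0.0.25", "10.1.1.1")
REPLY = ("10.1.1.1", "10.0.0.25")
UNRELATED = ("10.0.1.25", "10.1.1.1")

if __name__ == "__main__":
    for name, acl in (("page ACL", PAGE_ACL), ("bidirectional", BIDIRECTIONAL_ACL)):
        for flow in (REQUEST, REPLY, UNRELATED):
            print(f"{name:14} {flow[0]:>10} -> {flow[1]:<10} captured={captured(acl, *flow)}")
```

With the page's ACL only traffic from 10.0.0.0/24 towards 10.1.1.1 is matched; the `both` keyword on the capture point selects interface direction and does not widen the filter.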