Difference between revisions of "Packet Capture in Cisco IOS"
From Teknologisk videncenter
m (Created page with "<source lang=cli> !<notice>An ACL must be defined to match interesting traffic only:</notice> ip access-list extended Monitored-Host permit ip 10.0.0.0 0.0.0.255 host 10.1.1.1 !...") |
m (added Category:Wireshark using HotCat) |
||
Line 19: | Line 19: | ||
*[http://howdoesinternetwork.com/2013/packet-capture-in-cisco-ios Packet Capture on Cisco IOS] | *[http://howdoesinternetwork.com/2013/packet-capture-in-cisco-ios Packet Capture on Cisco IOS] | ||
{{Source cli}} | {{Source cli}} | ||
+ | |||
+ | [[Category:Wireshark]] |
Revision as of 06:45, 20 June 2014
!<notice>An ACL must be defined to match interesting traffic only:</notice>
ip access-list extended Monitored-Host
permit ip 10.0.0.0 0.0.0.255 host 10.1.1.1
!<notice>A buffer must be defined and bounded to the previos defined ACL:</notice>
monitor capture buffer BUFFER size 512 max-size 256 circular
monitor capture buffer BUFFER filter access-list Monitored-Host
!<notice>The next step requires to define which interfaces must be monitoed and where store data:</notice>
monitor capture point ip cef CAPTURE FastEthernet0/0 both
monitor capture point associate CAPTURE BUFFER
!<notice>Finally the capture must be started and stopped when not needed anymore:</notice>
monitor capture point start CAPTURE
monitor capture point stop CAPTURE
!<notice>At this point the buffer can be exported to an external system:</notice>
monitor capture buffer BUFFER export ftp://ftp.example.com/CAPTURER.pcap