Let's say you want to capture the traffic on your Cisco IOS router's LAN interface. You need a circular buffer of about 2 megabytes.
monitor capture buffer buf1 size 2048 circular
monitor capture point ip cef cap1 gigabitethernet0/0 both
monitor capture point associate cap1 buf1
Start the capture with:
monitor capture point start cap1
And stop the capture with:
monitor capture point stop cap1
Check if everything you need is in the trace:
show monitor cap buffer buf1 dump
And copy it to a place, in this case flash, where you can access it:
monitor capture buffer buf1 export flash:capture.pcap
You might want to download it, for example via SCP. There is a separate entry in this blog regarding SCP: http://uc-b.blogspot.com/2011/07/putty-scp-file-transfer-to-cisco-ios.html
But you could also copy it directly to a bunch of remote locations:
router#monitor capture buffer buf1 export ?
  flash0:  Location to dump buffer
  flash1:  Location to dump buffer
  flash:   Location to dump buffer
  ftp:     Location to dump buffer
  http:    Location to dump buffer
  https:   Location to dump buffer
  pram:    Location to dump buffer
  rcp:     Location to dump buffer
  scp:     Location to dump buffer
  tftp:    Location to dump buffer
router#
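Once capture.pcap has been downloaded, a quick offline check confirms that the file parses and shows whether packets were stored shorter than they were on the wire, or whether the buffer was close to full. The Python script below is an added example, not part of the original post or of Cisco's tooling; the function names, the 80% threshold and the sample bytes are assumptions made for illustration.

```python
import struct

# Classic libpcap magic bytes mapped to struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def summarize_pcap(data, buffer_kb=2048, full_ratio=0.8):
    """Walk a classic libpcap file and summarize its packet records."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic libpcap file")
    # Global header after the magic: version, timezone, sigfigs, snaplen, link type.
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, count, truncated, stored = 24, 0, 0, 0
    first_ts = last_ts = None
    while offset + 16 <= len(data):
        sec, usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record %d runs past the end of the file" % (count + 1))
        offset += incl_len
        last_ts = sec + usec / 1e6
        if first_ts is None:
            first_ts = last_ts
        count += 1
        stored += incl_len
        if incl_len < orig_len:  # stored bytes shorter than the packet on the wire
            truncated += 1
    return {
        "packets": count,
        "linktype": linktype,  # 1 = Ethernet
        "snaplen": snaplen,
        "stored_bytes": stored,
        "truncated": truncated,
        "duration_s": (last_ts - first_ts) if count else 0.0,
        # Heuristic (assumption): a nearly full circular buffer has probably
        # overwritten its oldest packets, so the start of the event may be missing.
        "near_capacity": stored >= full_ratio * buffer_kb * 1024,
    }

def build_sample():
    """Constructed sample: three Ethernet records, the second one cut to 68 bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, incl, orig in [(1311170000, 60, 60), (1311170001, 68, 1500), (1311170003, 60, 60)]:
        out += struct.pack("<IIII", sec, 0, incl, orig) + bytes(incl)
    return out

if __name__ == "__main__":
    # Replace build_sample() with open("capture.pcap", "rb").read() for a real export.
    print(summarize_pcap(build_sample()))
```

A non-zero "truncated" count means payloads were cut when stored, and "near_capacity" suggests the capture should be repeated with a larger buffer or stopped sooner after the event.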
Cisco Link to embedded Packet Capture:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_packet_capture_ps6441_TSD_Products_Configuration_Guide_Chapter.html
If you want to automate it in a quite fancy way, you should have a look at Cisco Embedded Automation Systems - EASy:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps10777/ppt_EASy_Packet_Capture_c78-577851.pdf
 
 