This is great news for us: a new feature available in Cisco IOS release 12.4(20)T or later. It is an internal packet capture, similar to the popular Linux tool tcpdump or other sniffers, which Cisco calls Embedded Packet Capture (EPC) or Mini Protocol Analyzer (MPA). This facility allows you to capture packets flowing to, through and from an IOS device, and to analyze them offline or export them for later analysis with a tool such as Wireshark. This feature is very useful for troubleshooting by gathering packets.
Follow the steps below.
#### Preconfiguration for testing IOS packet capture
```
IOS-1# show vlan id 11
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
11   VLAN0011                         active    Fa0/0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
11   enet  100011     1500  -      -      -        -    -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

IOS-1# show run interface FastEthernet0/0
Building configuration...
Current configuration : 137 bytes
!
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11
 switchport mode trunk
 duplex auto
end

IOS-1# show run interface vlan 11
Building configuration...
Current configuration : 62 bytes
!
interface Vlan11
 ip address 172.16.12.1 255.255.255.0
end

IOS-2# show run interface vlan 11
Building configuration...
Current configuration : 62 bytes
!
interface Vlan11
 ip address 172.16.12.2 255.255.255.0
end
```
#### Step by step IOS packet capture
#### Define a capture buffer
```
IOS-1# monitor capture buffer PACKET size 512 max-size 1024 circular
```
#### Define a capture point
```
IOS-1# monitor capture point ip cef Vlan11_CAP Vlan11 both
```
#### Associate the capture point with the capture buffer
```
IOS-1# monitor capture point associate Vlan11_CAP PACKET
```
#### Start the capture point to begin capturing packet data
```
IOS-1# monitor capture point start Vlan11_CAP
```
#### Stop the capture point to stop capturing packet data
```
IOS-1# monitor capture point stop Vlan11_CAP
```
#### Verify and test
#### The summary view of capture point
```
IOS-1# show monitor capture point all
Status Information for Capture Point Vlan11_CAP
IPv4 CEF
Switch Path: IPv4 CEF , Capture Buffer: PACKET
Status : Active
Configuration:
monitor capture point ip cef Vlan11_CAP Vlan11 both
```
#### The summary view of capture buffer
#### Before start
```
IOS-1# show monitor capture buffer all parameters
Capture buffer PACKET (circular buffer)
Buffer Size : 524288 bytes, Max Element Size : 1024 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : Vlan11_CAP, Status : Inactive
Configuration:
monitor capture buffer PACKET size 512 max-size 1024 circular
monitor capture point associate Vlan11_CAP PACKET
```
#### After start
```
IOS-1# show monitor capture buffer all parameters
Capture buffer PACKET (circular buffer)
Buffer Size : 524288 bytes, Max Element Size : 1024 bytes, Packets : 3
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : Vlan11_CAP, Status : Active
Configuration:
monitor capture buffer PACKET size 512 max-size 1024 circular
monitor capture point associate Vlan11_CAP PACKET
```
#### Generate ping traffic from the other side
```
IOS-2# ping 172.16.12.1 source 172.16.12.2 repeat 3
Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.12.2
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 4/6/8 ms
```
#### Information about the captured packets
```
IOS-1# show monitor capture buffer PACKET
09:31:23.299 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
09:31:23.303 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
09:31:23.311 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
```
#### Show the packet dump
```
IOS-1# show monitor capture buffer PACKET dump
09:31:23.299 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
AD39BE70: AABBCC80 0700AABB CC800800 08004500 *;L...*;L.....E.
AD39BE80: 006404B5 0000FE01 47C0AC10 0C02AC10 .d.5..~.G@,...,.
AD39BE90: 0C010800 6BF90004 00000000 00000009 ....ky..........
AD39BEA0: 1244ABCD ABCDABCD ABCDABCD ABCDABCD .D+M+M+M+M+M+M+M
AD39BEB0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEC0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BED0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEE0: ABCD00 +M.
09:31:23.303 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
AD39BE70: AABBCC80 0700AABB CC800800 08004500 *;L...*;L.....E.
AD39BE80: 006404B6 0000FE01 47BFAC10 0C02AC10 .d.6..~.G?,...,.
AD39BE90: 0C010800 6BF00004 00010000 00000009 ....kp..........
AD39BEA0: 124CABCD ABCDABCD ABCDABCD ABCDABCD .L+M+M+M+M+M+M+M
AD39BEB0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEC0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BED0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEE0: ABCD00 +M.
09:31:23.311 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
AD39BE70: AABBCC80 0700AABB CC800800 08004500 *;L...*;L.....E.
AD39BE80: 006404B7 0000FE01 47BEAC10 0C02AC10 .d.7..~.G>,...,.
AD39BE90: 0C010800 6BE70004 00020000 00000009 ....kg..........
AD39BEA0: 1254ABCD ABCDABCD ABCDABCD ABCDABCD .T+M+M+M+M+M+M+M
AD39BEB0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEC0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BED0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEE0: ABCD00 +M.
```
#### Save the buffer to a .pcap file
```
IOS-1# monitor capture buffer PACKET export ftp://172.16.12.10//IOS_Vlan11.pcap
Writing /IOS_Vlan11.pcap % Export of Capture Buffer failed
```
Unfortunately I can't export the capture buffer because the FTP server isn't working. Next time I will fix the FTP server.
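When the export is not available, the text dump is the only copy of the packets. The following added example (not part of the original post) parses that dump format in Python and decodes the IPv4/ICMP headers of the first captured packet; the function names are illustrative, and it assumes untagged Ethernet II frames as seen in this capture.

```python
import re
import struct
from ipaddress import IPv4Address

# First packet of the `show monitor capture buffer PACKET dump` output above.
SAMPLE = """\
09:31:23.299 UTC Aug 27 2013 : IPv4 LES CEF : Vl11 None
AD39BE70: AABBCC80 0700AABB CC800800 08004500 *;L...*;L.....E.
AD39BE80: 006404B5 0000FE01 47C0AC10 0C02AC10 .d.5..~.G@,...,.
AD39BE90: 0C010800 6BF90004 00000000 00000009 ....ky..........
AD39BEA0: 1244ABCD ABCDABCD ABCDABCD ABCDABCD .D+M+M+M+M+M+M+M
AD39BEB0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEC0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BED0: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
AD39BEE0: ABCD00 +M.
"""

# Memory address, then up to four groups of hex bytes; the ASCII column is ignored.
HEX_LINE = re.compile(r"^[0-9A-F]{8}:((?: (?:[0-9A-F]{2}){1,4}){1,4})")

def parse_ios_dump(text):
    """Return one bytes object per packet in an IOS capture-buffer dump."""
    packets = []
    for line in map(str.strip, text.splitlines()):
        m = HEX_LINE.match(line)
        if m and packets:
            packets[-1] += bytes.fromhex(m.group(1).replace(" ", ""))
        elif re.match(r"\d\d:\d\d:\d\d\.\d+ ", line):
            packets.append(b"")  # a timestamp line starts a new packet
    return packets

def checksum_ok(header):  # one's-complement sum of a valid IPv4 header is 0xFFFF
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    """Decode IPv4/ICMP fields of an untagged Ethernet II frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len, _id, _frag, ttl, proto = struct.unpack("!HHHBB", frame[16:24])
    ip = frame[14:14 + total_len]  # trims bytes dumped past the IP datagram
    info = {"src": str(IPv4Address(ip[12:16])), "dst": str(IPv4Address(ip[16:20])),
            "ttl": ttl, "proto": proto, "ip_checksum_ok": checksum_ok(ip[:ihl])}
    if proto == 1:  # ICMP header: type, code, checksum, identifier, sequence
        info["icmp_type"], info["icmp_seq"] = ip[ihl], int.from_bytes(ip[ihl + 6:ihl + 8], "big")
    return info
```

`decode(parse_ios_dump(SAMPLE)[0])` reports an ICMP echo request (type 8, sequence 0) from 172.16.12.2 to 172.16.12.1 with TTL 254 and a valid IP header checksum, matching the ping sent from IOS-2. The dump holds 115 bytes while the Ethernet header plus the IP total length is 114, which is why the frame is trimmed to the length given in the IP header.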
Thursday, August 29, 2013