Thursday, February 18, 2016

[Cisco IOS] Packet capture on Cisco IOS

Pretty much everyone familiar with a Cisco ASA knows how useful and handy the capture command can be! Have you ever wondered how to do something similar on routers? Well, an embedded packet capture feature was introduced starting at v12.4(20)T for IOS and 15.2(4)S for IOS-XE.


It requires more steps than its firewall cousin, but the results are pretty much the same. I will not cover the details since you can find a lot of documentation on the web, but pretty much this is what you need to do:

conf t
!
access-list 177 permit ip 10.20.15.0 0.0.0.255 host 10.60.18.21
access-list 177 permit ip 10.30.16.0 0.0.0.255 host 10.60.18.21
access-list 177 permit ip 10.40.17.0 0.0.0.255 host 192.168.240.100
access-list 177 permit ip 10.50.18.0 0.0.0.255 host 192.168.240.100
end
!
monitor capture buffer holdpackets
monitor capture buffer holdpackets filter access-list 177
monitor capture point ip cef CUSTOMTRACE gigabitEthernet 0/1 both
monitor capture point associate CUSTOMTRACE holdpackets
!
monitor capture point start CUSTOMTRACE
!
! display the captured information
show monitor capture buffer holdpackets parameters
show monitor capture buffer holdpackets dump
!
monitor capture point stop CUSTOMTRACE
monitor capture buffer holdpackets clear
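
The capture point above is set to both directions, but the filter ACL 177 only lists traffic from the client subnets to the two hosts, so the hosts' replies hit the implicit deny and never reach the buffer. The following Python is an added example, not part of the original post: it evaluates the ACL's wildcard masks against sample packets and generates the swapped entries. The helper names and the sample addresses in the checks are assumptions.

```python
import ipaddress

# ACL 177 exactly as configured on this page.
ACL_177 = """\
access-list 177 permit ip 10.20.15.0 0.0.0.255 host 10.60.18.21
access-list 177 permit ip 10.30.16.0 0.0.0.255 host 10.60.18.21
access-list 177 permit ip 10.40.17.0 0.0.0.255 host 192.168.240.100
access-list 177 permit ip 10.50.18.0 0.0.0.255 host 192.168.240.100
"""

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into (action, src, dst)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # only the plain 'ip' form used on the page is handled
        rest = tokens[4:]
        entries.append((tokens[2], _take_addr(rest), _take_addr(rest)))
    return entries

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def captured(entries, src, dst):
    """First match wins; no match is the implicit deny, so the packet is not stored."""
    for action, s, d in entries:
        if _match(src, s) and _match(dst, d):
            return action == "permit"
    return False

def mirrored(text):
    """Swap source and destination of each 'SRC WILDCARD host DST' line (page's form only)."""
    rows = [line.split() for line in text.splitlines()]
    return "\n".join(" ".join(t[:4] + t[6:8] + t[4:6]) for t in rows)
```

Adding the lines returned by `mirrored(ACL_177)` to access-list 177 before starting the capture makes the buffer hold both sides of each conversation.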

In my opinion, these captures aren't that easy to read; this is an example of the output of the capture:



For simplicity, I always transfer the capture to a TFTP server so I can read it using Wireshark.

monitor capture buffer holdpackets export tftp://10.10.180.55/CustomCapture.pcap

I hope you can find this useful.

1 comment:

Priyatamil said...

Thanks for sharing this informative blog. I have read your blog and I gathered some valuable information from this blog. Keep posting.