{"id":1043,"date":"2015-12-26T11:17:49","date_gmt":"2015-12-26T11:17:49","guid":{"rendered":"http:\/\/www.plugged.in\/?p=1043"},"modified":"2015-12-26T11:17:49","modified_gmt":"2015-12-26T11:17:49","slug":"finally-cisco-routers-to-have-a-packet-capture-mechanism","status":"publish","type":"post","link":"https:\/\/www.veriteknik.net.tr\/en\/finally-cisco-routers-to-have-a-packet-capture-mechanism\/","title":{"rendered":"Finally Cisco Routers to have a packet capture mechanism"},"content":{"rendered":"

Before iOS revision 12.4 you were having access-lists and debug facility to get a clue about the packets passing through an interface. Now it is fairly easy to get packets and even export them as .pcap to analyse within a few easy steps.<\/p>\n

First thing to do is, create an access-list based on your requirements:<\/p>\n

conf t\nip access-list extended HTTP_TEST\n\tpermit tcp any any eq www\nend\n<\/pre>\n
Now on the enable mode “type en” type the following to create your capture related to the access-list you created<\/p>\n
monitor capture buffer HTTP_BUFFER\nmonitor capture buffer HTTP_BUFFER filter access-list HTTP_TEST<\/pre>\n
Select the desired interface you want your capture to collect packets<\/p>\n
monitor capture point ip cef HTTP_POINT GigabitEthernet0\/2 both<\/pre>\n
Now start collecting packets<\/p>\n
monitor capture point associate HTTP_POINT HTTP_BUFFER\n\nmonitor capture point start HTTP_POINT<\/pre>\n
Type “sh monitor capture buffer all parameters” to get if a packet collected or not<\/p>\n
Capture buffer HTTP_BUFFER (linear buffer)\nBuffer Size : 1048576 bytes, Max Element Size : 68 bytes, Packets : 5\nAllow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0\nAssociated Capture Points:\nName : HTTP_POINT, Status : Inactive\nConfiguration:\nmonitor capture buffer HTTP_BUFFER \nmonitor capture point associate HTTP_POINT HTTP_BUFFER\nmonitor capture buffer HTTP_BUFFER filter access-list HTTP_TEST<\/pre>\n
don’t forget to stop the capture with the command:<\/p>\n
monitor capture point stop HTTP_POINT<\/pre>\n
to export the packets type the following and don’t forget to delete the capture buffer, install a tftp server to your client and change the IP below to your client’s IP address.<\/p>\n
monitor capture buffer HTTP_BUFFER export tftp:\/\/192.168.1.2\/HTTP.pcap\n!and delete the capture buffer\nno monitor capture buffer HTTP_BUFFER<\/pre>\n
and as a summary of the commands all together:<\/p>\n
conf t\nip access-list extended HTTP_TEST\n\tpermit tcp any any eq http\nend\n\nmonitor capture buffer HTTP_BUFFER\nmonitor capture buffer HTTP_BUFFER filter access-list HTTP_TEST\n\n\nmonitor capture point ip cef HTTP_POINT GigabitEthernet0\/2 both\n\nmonitor capture point associate HTTP_POINT HTTP_BUFFER\n\nmonitor capture point start HTTP_POINT\n\nsh monitor capture buffer all parameters\n\nmonitor capture point stop HTTP_POINT\n\nmonitor capture buffer HTTP_BUFFER export tftp:\/\/192.168.1.2\/HTTP2.pcap\n\nno monitor capture buffer HTTP_BUFFER\n\nshow monitor capture buffer HTTP_BUFFER dump<\/pre>\n","protected":false},"excerpt":{"rendered":"
Before iOS revision 12.4 you were having access-lists and debug facility to get a clue about the packets passing through an interface. Now it is fairly easy to get packets and even export them as .pcap to analyse within a few easy steps. First thing to do is, create an access-list based on your requirements: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","footnotes":""},"categories":[386],"tags":[],"yst_prominent_words":[1441,1442,1439,1437,671,606,1137,1440,908,1438,863],"class_list":["post-1043","post","type-post","status-publish","format-standard","hentry","category-network"],"jetpack_featured_media_url":"","uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"ckaraca","author_link":"https:\/\/www.veriteknik.net.tr\/en\/author\/ckaraca\/"},"uagb_comment_info":0,"uagb_excerpt":"Before iOS revision 12.4 you were having access-lists and debug facility to get a clue about the packets passing through an interface. Now it is fairly easy to get packets and even export them as .pcap to analyse within a few easy steps. First thing to do is, create an access-list based on your requirements:…","_links":{"self":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts\/1043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/comments?post=1043"}],"version-history":[{"count":0,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts\/1043\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/media?parent=1043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/categories?post=1043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/tags?post=1043"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/yst_prominent_words?post=1043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}