0% found this document useful (0 votes)
217 views3 pages

Embedded Packet Capture

The document discusses packet capture capabilities on an ASR1K router. Specifically, it provides instructions on how to configure embedded packet capture on an ASR-3-P-2 router to capture ingress traffic on interface GigabitEthernet0/0/1 matching source address 10.255.255.1. It also verifies the configuration is active and shows the captured packets.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
217 views3 pages

Embedded Packet Capture

The document discusses packet capture capabilities on an ASR1K router. Specifically, it provides instructions on how to configure embedded packet capture on an ASR-3-P-2 router to capture ingress traffic on interface GigabitEthernet0/0/1 matching source address 10.255.255.1. It also verifies the configuration is active and shows the captured packets.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Kunjan Naidu -T (kunaidu - ADECCO INDIA PRIVATE LIMITED at Cisco)

Subject: Packet Capture Capabilities | ASR1K - Embedded Packet Capture | Training

P a c k e t C a p t u r e C a p a b i l i t i e s | A S R 1 K - E m b e d d e d P a c k e t C a p t u r e

Please refer to HTTS Static Lab for complete LAB Topology


C u r r e n t T o p o l o g y S n a p s h o t : :

10.255.255.1 lo0 [7600-1-PE-1]-----ospf------{GigabitEthernet0/0/1}[ASR-3-P-2]

GigabitEthernet0/0/1 (ASR-3-P-2) Ingress Traffic


S o u r c e I n t e r f a c e : :

To capture all the traffic from source address 10.255.255.1 hitting on GigabitEthernet0/0/1
O
b j e c t i v e : :

Packets can be captured through, to and from the router.


E m b e d d e d P a c k e t C a p t u r e : :

<------- configuration --------->

ASR-3-P-2(config)#ip access-list standard kunaidu-test


ASR-3-P-2(config-std-nacl)#10 permit 10.255.255.1

ASR-3-P-2#monitor capture cap access-list kunaidu-test limit packets 10 interface


GigabitEthernet0/0/1 in buffer size 10

<------- configuration --------->


V e r i f y : :

ASR-3-P-2#sh monitor capture cap

Status Information for Capture cap


Target Type:
Interface: GigabitEthernet0/0/1, Direction: in
Status : Inactive
Filter Details:
Access-list: kunaidu-test
Buffer Details:
Buffer Type: LINEAR (default)
Buffer Size (in MB): 10
Limit Details:
Number of Packets to capture: 10
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Packet sampling rate: 0 (no sampling)

S t a r t t h e C a p t u r e : :

ASR-3-P-2#monitor capture cap start

1
There is ospf running between the nodes hence control packets will be captured. No need to generate
P l e a s e N o t e : :

icmp traffic in this case.


V e r i f y : :

ASR-3-P-2#show monitor capture cap

Status Information for Capture cap


Target Type:
Interface: GigabitEthernet0/0/1, Direction: in
Status : Active
Filter Details:
Access-list: kunaidu-test
Buffer Details:
Buffer Type: LINEAR (default)
Buffer Size (in MB): 10
Limit Details:
Number of Packets to capture: 10
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Maximum number of packets to capture per second: 1000
Packet sampling rate: 0 (no sampling)

ASR-3-P-2#show monitor capture cap buffer


buffer size : 10485760
buffer used : 1020
packets in buffer: 10
average PPS : 0
T o V i e w t h e p a c k e t s : :

ASR-3-P-2#show monitor capture cap buffer dump


0
0000: 2C542D0D A7015475 D0AEE600 080045C0 ,T-...Tu......E.
0010: 003AB4C3 0000FF06 F2370AFF FF010AFF .:.......7......
0020: FF020286 E07B98C6 7ADBF78A 751F5010 .....{..z...u.P.
0030: 0EA6AEA7 00000001 000E0AFF FF010000 ................
0040: 02010004 00006F0F ......o.

1
0000: 2C542D0D A7015475 D0AEE600 080045C0 ,T-...Tu......E.
0010: 0028B4C4 0000FF06 F2480AFF FF010AFF .(.......H......
0020: FF020286 E07B98C6 7AEDF78A 75315010 .....{..z...u1P.
0030: 0E9429CC 0000 ..)...

2
0000: 01005E01 01015475 D0AEE600 080045C0 ..^...Tu......E.
0010: 005274D0 0000FF2F 54E90AFF FF01E601 .Rt..../T.......
0020: 01010000 080045C0 003A74CF 00000167 ......E..:t....g
0030: 59C00AFF FF01E000 000D2000 81E30001 Y......... .....
0040: 00020069 00140004 662BF84E 00130004 ...i....f+.N....
0050: 00000001 00150004 01000000 FDEC0000 ................

T o e x p o r t t h e c a p f i l e : :

2
ASR-3-P-2#monitor capture cap export bootflash:cap1-kunaidu.cap
Exported Successfully

This file can be viewed in WireShark


V e r i f y : :

ASR-3-P-2#dir bootflash:cap1-kunaidu.cap
Directory of bootflash:/cap1-kunaidu.cap

16071 -rw- 978 Jun 18 2015 06:13:35 +00:00 cap1-kunaidu.cap

D e a c t i v a t e a n d r e m o v e c a p t u r e d e f i n e d : :

ASR-3-P-2#monitor capture cap stop

ASR-3-P-2#monitor capture cap clear

ASR-3-P-2#no monitor capture cap


V e r i f y : :

ASR-3-P-2#show monitor capture cap


Capture cap does not exist
D e l e t e t h e c a p f i l e c r e a t e d : :

ASR-3-P-2#delete bootflash:cap1-kunaidu.cap
V e r i f y : :

ASR-3-P-2#dir bootflash:cap1-kunaidu.cap
%Error opening bootflash:/cap1-kunaidu.cap (No such file or directory)

Regards,
…………………………………………………………………………………
Kunjan Naidu
CSE | Routing Group - HTTS
Cisco Systems, Inc.
[email protected]
Phone# +91 80-4426-7937

Office Hours: Monday through Friday from 09:00 hrs - 17:00 hrs IST

Please CC [email protected] in your subject line to add them to the case.

For assistance in my absence, please call Cisco HTTS Toll Free number: +1.800.495.9121 for next
available engineer.

You might also like