![]() PCAP file stored on the Switch Flash ready for us to export and open with a program like Wireshark. Once we have collected enough data for our needs, we can stop the capture using the following command: Switch# monitor capture stop Final Thoughts To see the current status of our active Packet Capture, use the below command: Switch# show monitor capture Stopping the Packet Capture With our parameters now configured, we can start our Packet Capture with the command: Switch# monitor capture start Displaying Active Captures In order to save the Packet Capture to the Flash of the Switch, use the command below: Switch# monitor capture file location flash.pcap Starting the Packet Capture PCAP file that can be read by programs like Wireshark. For captures that require deeper analysis, its usually preferable to export the capture to a standard. Switch# monitor capture match ipv4 any any Exporting Packet Capture Output to a PCAP Fileīy default, the Packet Capture will be saved to the Switch’s buffer. Here is some sample configuration for capturing IPv4 traffic on a specific Port in both directions. ![]() Up to 8 Captures can be configured, but only one at a time can be activeīefore we get started, we need to define exactly the type of traffic we wish to capture.Packet Capture works for a minimum of 2 seconds.Layer 2 EtherChannels are not supported.Restrictionsīefore we get started with the configuration, let’s take a look at some Packet Capture restrictions according to Cisco Documentation. If you choose to do so, you can configure it as either circular (where information is constantly overwritten when the Buffer is full) or linear (where once the Buffer is full, no new information is saved).Īlthough we are able to store the Capture in the Switch Buffer, this guide will aim to export the data to a more permanent. It is possible to store the information gleaned from a Packet Capture in the Switch Buffer. Recently I discovered that they have the ability to capture packets on the Switch themselves (specifying a port) then save the file on the local flash ready for FTP export. Cisco’s 9300 line of Switches are a welcome upgrade to the line-up.
0 Comments
Leave a Reply. |