Here is an example configuration

    monitor capture buffer pktrace1 size 256 max-size 128 circular
    monitor capture point ip process-switched ipsfa0/0 both
    monitor capture point associate ipsfa0/0 pktrace1
    monitor capture point start ipsfa0/0

To look at the packet capture on the router, issue the command

    show monitor capture buffer pktrace1 dump

Regards,

Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Shawn H Mesiatowsky
Sent: Thursday, June 11, 2009 12:25 PM
To: [email protected]
Subject: [OSL | CCIE_Security] Packet capture on Router

Is there a way to view a packet capture that was performed on a router using the ip traffic export command? The only way I have been able to view the trace is by uploading to a tftp server and viewing in wireshark. If I use the following commands:

    traffic-export interface fa0/1 copy flash:test.pcap
    more test.pcap

I can see the contents of the pcap file, but it is a binary file, so I just see the hex code for the file. Is there a command to export captured data into a text format? Will I be able to copy to a tftp server and view with wireshark in the actual lab? Is there a computer in the lab hooked up to the 3560 to perform a span in the lab and capture with wireshark? I love the capture functionality on the firewalls, as you can view the contents of the capture right on the firewall itself.
I guess you can also use a debug ip packet ACL command in the lab, or use NetFlow or ip accounting for troubleshooting, but nothing beats a packet capture! Maybe my strategy is wrong as well. In the real world, I use captures to verify that packets are getting to where they are supposed to go. This is always my second step (first being to look at logs, especially on firewalls for denies). Should I train myself to rely less on captures? Thanks for any advice!
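
Added example, not part of the original thread: a small Python reader that turns an exported capture such as test.pcap into one text line per packet once the file has been copied off the router. It assumes the export is a classic libpcap file with Ethernet framing; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def describe(frame):
    """Summarise one Ethernet frame as text (IPv4 only, optional 802.1Q tag)."""
    if len(frame) < 14:
        return "short frame"
    ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:      # skip a VLAN tag
        ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
    ip = frame[l3:]
    if ethertype != 0x0800 or len(ip) < 20:
        return f"ethertype=0x{ethertype:04x}"
    ihl = (ip[0] & 0x0F) * 4                          # IP header length in bytes
    name = PROTO.get(ip[9], str(ip[9]))
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    # Ports exist only in the first fragment of a TCP or UDP datagram.
    if ip[9] in (6, 17) and frag_offset == 0 and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        return f"{name} {src}:{sport} > {dst}:{dport}"
    return f"{name} {src} > {dst}"

def pcap_to_text(data):
    """Return one summary line per complete packet record in a pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    lines, off = [], 24                               # records follow the 24-byte header
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:                       # file cut off mid-record
            break
        lines.append(f"{sec}.{usec:06d} len={origlen} {describe(frame)}")
        off += 16 + caplen
    return lines

def sample_pcap():
    """Constructed one-packet capture: UDP 10.1.1.1:1024 > 10.2.2.2:53."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("10.1.1.1"), socket.inet_aton("10.2.2.2"))
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 1024, 53, 8, 0)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 1244737500, 250, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print("\n".join(pcap_to_text(sample_pcap())))
```

For a real export, pass the file's bytes instead of the sample, for example pcap_to_text(open("test.pcap", "rb").read()).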
