Cisco Embedded Packet Capture (12.4 T) [EPC] – tcpdump on the Cisco router

Cisco Embedded Packet Capture (12.4 T) EPC

Cisco IOS Embedded Packet Capture (EPC) is an onboard packet capture facility that allows network administrators to capture packets flowing to, through or from the device and to analyze them locally or save and export them for offline analysis using a tool like Wireshark. This feature simplifies operations by allowing the devices to become active participants in the management and operation of the network. This feature facilitates better troubleshooting by gathering information on packet format. It also facilitates application analysis and security.

 

Starting Packet Data Capture

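The following example shows how to capture packets to and from the Fast Ethernet 0/1 interface. It defines a capture buffer, defines a capture point on the interface, associates the two, and starts the capture:

Router# monitor capture buffer pktrace1 size 256 max-size 256 circular
Router# monitor capture point ip cef ipceffa0/1 fastEthernet 0/1 both
Router# monitor capture point associate ipceffa0/1 pktrace1
Router# monitor capture point start ipceffa0/1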

Mar 21 11:13:34.023: %BUFCAP-6-ENABLE: Capture Point ipceffa0/1 enabled.

Router# show monitor capture point all

Status Information for Capture Point ipceffa0/1

IPv4 CEF

Switch Path: IPv4 CEF            , Capture Buffer: pktrace1

Status : Inactive

Configuration:

monitor capture point ip cef ipceffa0/1 FastEthernet0/1 both

Router# show monitor capture buffer all

Capture buffer pktrace1 (circular buffer)

Buffer Size : 262144 bytes, Max Element Size : 256 bytes, Packets : 31

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : ipceffa0/1, Status : Active

Configuration:

monitor capture buffer pktrace1 size 256 max-size 256 circular

monitor capture point associate ipceffa0/1 pktrace1
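
Added example (not part of the original post): a Python check that parses the "show monitor capture buffer all" output above and lists what to weigh before relying on or exporting the capture. The function names and the 1500-byte MTU are assumptions of this example.

```python
import re
# Output of "show monitor capture buffer all", copied from the post above.
SAMPLE = """\
Capture buffer pktrace1 (circular buffer)
Buffer Size : 262144 bytes, Max Element Size : 256 bytes, Packets : 31
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : ipceffa0/1, Status : Active
Configuration:
monitor capture buffer pktrace1 size 256 max-size 256 circular
monitor capture point associate ipceffa0/1 pktrace1
"""

def parse_buffers(text):
    """Return {buffer_name: settings} parsed from the show output."""
    buffers, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"Capture buffer (\S+) \((\w+) buffer\)", line)
        if m:
            cur = buffers[m.group(1)] = {"type": m.group(2), "points": {}}
            continue
        if cur is None or line.startswith("monitor "):
            continue  # skip preamble and echoed configuration lines
        m = re.match(r"Name : (\S+), Status : (\w+)", line)
        if m:
            cur["points"][m.group(1)] = m.group(2)
            continue
        # Remaining lines carry comma-separated "Key : <number>" pairs.
        for key, val in re.findall(r"([A-Za-z][\w\- ]*?) : (\d+)", line):
            cur[key] = int(val)
    return buffers

def review(buf, mtu=1500):
    """List findings to weigh before trusting or exporting the capture."""
    notes = []
    snap = buf["Max Element Size"]
    if snap < mtu:  # mtu is an assumed value, not taken from the router
        notes.append(f"truncated: only the first {snap} bytes of a packet are stored")
    if buf["type"] == "circular":
        # Upper bound only; per-element overhead is not shown in the output.
        cap = buf["Buffer Size"] // snap
        notes.append(f"wraps: older packets are overwritten after at most {cap} elements")
    running = sorted(n for n, s in buf["points"].items() if s == "Active")
    if running:
        notes.append("still capturing: " + ", ".join(running))
    return notes

if __name__ == "__main__":
    print({n: review(b) for n, b in parse_buffers(SAMPLE).items()})
```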

Stopping Packet Data Capture

The following example shows how to stop capturing packet data:

Router> enable

Router# monitor capture point stop ipceffa0/1

Mar 21 11:14:20.152: %BUFCAP-6-DISABLE: Capture Point ipceffa0/1 disabled.

Exporting Packet Data

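The following example shows how to export the captured data for analysis through an external tool. The example exports over TFTP, which is unauthenticated and unencrypted, so the capture file crosses the network in cleartext: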

Router# monitor capture buffer pktrace1 export tftp://88.1.88.9/pktrace1

 
