68-13
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 68 Configuring Wireshark
How to Configure Wireshark
To define a capture point, use the following commands:
To clear the buffer contents, use the following command
To start and stop a capture point, use the following command:
Examples
Associating or Disassociating a Capture File
Switch# monitor capture point mycap file location bootdisk:mycap.pcap
Switch# no monitor capture mycap file
Specifying a Memory Buffer Size for Packet Burst Handling
Switch# monitor capture mycap buffer-size 1000000
Defining an Explicit Core System Filter to Match Both IPv4 and IPv6 TCP Traffic
Switch# monitor capture mycap match any protocol tcp
Defining a Core System Filter Using an Existing ACL or Class Map
Switch# monitor capture mycap match access-list myacl
Switch# monitor capture mycap match class-map mycm
Command Purpose
monitor capture name [{interface name | vlan num |
control-plane} {in | out | both}
Specifies one or more attachment points with direction.
To remove the attachment point, use the no form of this
command.
monitor capture name [[file location filename [buffer-size
<1-100>] [ring <2-10>] [size <1-100>]] | [buffer [circular]
size <1-100>]]
Specifies the capture destination.
To remove the details, use the no form of this command.
[no] monitor capture name limit {duration seconds]
[packet-length size] [packets num]
Specifies capture limits.
To remove the limits, use the no form of this command.
Command Purpose
monitor capture [clear | export filename] Clears capture buffer contents or stores the packets to a file.
Command Purpose
monitor capture name start [capture-filter filter-string]
[display [display-filter filter-string]] [brief | detailed |
dump | stop]
To start or stop a capture point, use the monitor capture
command.
To Next Page
Loading...
