68-30
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 68 Configuring Wireshark
Usage Examples for Wireshark
Status : Inactive
Filter Details:
IPv4
Source IP: any
Destination IP: any
Protocol: any
File Details:
Associated file name: bootflash:mycap.pcap
Buffer Details:
Buffer Type: LINEAR (default)
Limit Details:
Number of Packets to capture: 100
Packet Capture duration: 60
Step 3 Launch packet capture by entering:
Switch# monitor capture mycap start
Let the capture operation stop automatically after the time has elapsed or the packet count has been met.
The mycap.pcap file now contains the captured packets.
Step 4 Display the packets by entering:
Switch# show monitor capture file bootflash:mycap.pcap
0.000000 10.1.1.30 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
1.000000 10.1.1.31 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
2.000000 10.1.1.32 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
3.000000 10.1.1.33 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
4.000000 10.1.1.34 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
5.000000 10.1.1.35 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
6.000000 10.1.1.36 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
7.000000 10.1.1.37 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
8.000000 10.1.1.38 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
9.000000 10.1.1.39 -> 20.1.1.2 UDP Source port: 20001 Destination port: 20002
Step 5 Delete the capture point by entering:
Switch# no monitor capture mycap
Example: Simple Capture and Store of Packets in Egress Direction
This example shows how to capture live traffic and store the packets in egress direction using lock-step
with high-speed mode.
Step 1 Define a capture point to match on the relevant traffic and associate it to a file by entering:
Switch# monitor capture mycap interface gi 3/1 out match ipv4 any any
Switch# monitor capture mycap limit duration 60 packets 100
Switch# monitor cap mycap file location bootflash:mycap.pcap buffer-size 90
Step 2 Confirm that the capture point has been correctly defined by entering:
Switch# show monitor capture mycap parameter
monitor capture mycap interface GigabitEthernet3/1 out
monitor capture mycap match ipv4 any any
monitor capture mycap file location bootflash:mycap.pcap buffer-size 90
monitor capture mycap limit packets 100000 duration 60
Switch# show monitor capture mycap
Target Type:
Interface: GigabitEthernet3/1, Direction: out
To Next Page
Loading...
