56-9
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 56 Configuring Wireshark
Configuring Wireshark
To define a capture point, use the following commands:
To clear the buffer contents, use the following command
To start and stop a capture point, use the following command:
Examples
Associating/disassociating a capture file
Switch# monitor capture point mycap file location bootdisk:mycap.pcap
Switch# no monitor capture mycap file
[no] monitor capture mycap match mac {src-mac-addr
src-mac-mask | any | host src-mac-addr} | {dest-mac-addr
dest-mac-mask | any | host dest-mac-addr}
Specifies use of a filter for MAC.
To remove the filter, use the no form of this command.
[no] monitor capture mycap match {ipv4 | ipv6}
[src-prefix/length | any | host src-ip-addr] [dest-prefix/length
| any | host dest-ip-addr]
[no] monitor capture mycap match {ipv4 | ipv6} proto
{tcp | udp} [src-prefix/length | any | host src-ip-addr] [eq |
gt | lt | neq <0-65535>] [dest-prefix/length
| any | host
dest-ip-addr] [eq | gt | lt | neq <0-65535>]
Specifies a filter for IPv4/IPv6, use one of the formats.
To remove the filters, use the no form of this command.
Command Purpose
Command Purpose
monitor capture name [{interface name | vlan num |
control-plane} {in | out | both}
Specifies one or more attachment points with direction.
To remove the attachment point, use the no form of this
command.
monitor capture name [[file location filename [buffer-size
<1-100>] [ring <2-10>] [size <1-100>]] | [buffer [circular]
size <1-100>]]
Specifies the capture destination.
To remove the details, use the no form of this command.
[no] monitor capture name limit {duration seconds]
[packet-length size] [packets num]
Specifies capture limits.
To remove the limits, use the no form of this command.
Command Purpose
monitor capture [clear | export filename] Clears capture buffer contents or stores the packets to a file.
Command Purpose
monitor capture name start [capture-filter filter-string]
[display [display-filter filter-string]] [brief | detailed |
dump | stop]
To start or stop a capture point, use the monitor capture
command.
To Next Page
Loading...
