Packet capture in 1841 Router

Unanswered Question
Mar 20th, 2009

Hi All,

I have a Cisco 1841 router. It is working perfectly.

I want to see / capture all the packets passing through / processed by the Router. I want to see the payload and details of the traffic.

I tried to take the logs. I am getting only the events happening in the firewall like source / destination address details, but not the payload. I want to capture this traffic and analyse it using protocol analyzer tools like Ethereal / Wireshark.

I am able to do this in the ASA firewall using the "capture" command. How do I achieve this in a Cisco router?

Kindly help me.

regards,

R.B.Kumar

Richard Burts Fri, 03/20/2009 - 08:10

R.B.Kumar

It is very nice that the ASA has this capability. However the ASA is a very different OS from the 1841 router. I am not aware of any way to do a similar function on the 1841.

HTH

Rick

Jerry Ye Fri, 03/20/2009 - 08:56

Hi Kumar,

You can create a SPAN port on the Cisco switch with the monitor session command and then use Wireshark to capture it. Cisco routers and switches do not have the capture feature like the FWs.

HTH,

jerry

hclisschennai Fri, 03/20/2009 - 10:57

Hi Jerry,

I am going through Cisco literature and found two methods of doing packet capture in routers.

Method 1: traffic-export

Method 2: EPC (Embedded Packet Capturing)

Do you have any comment on this?

What is the difference between these two?

R.B.Kumar

Jerry Ye Fri, 03/20/2009 - 12:03

Hi Kumar,

I have not used these features. Just reading something off CCO - EPC is for the 7200 platform and only available in IOS 12.4(20)T or beyond.

However, traffic-export is an older feature. The concept of traffic-export is similar to netflow-export, where it requires an external decoder/sniffer. I would think that monitoring the CPU utilization is a good idea when first turning on these features.

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ip_traff_export_ps6350_TSD_Products_Configuration_Guide_Chapter.html

HTH,

jerry
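
As an added illustration that is not part of any post in this thread, here is a minimal IP traffic export configuration of the kind the linked Cisco guide describes. The profile name, ACL name, interface names, host address and MAC address are constructed placeholders, and availability on a given platform and IOS release is assumed, not confirmed by the thread.

```cisco
! Constructed example: every name and address below is a placeholder.
!
! ACL that limits which packets are copied, so the export is scoped to
! the host under investigation rather than all traffic on the interface.
ip access-list extended EXPORT-FILTER
 permit ip host 192.0.2.10 any
 permit ip any host 192.0.2.10
!
! Export profile: copies matching packets out FastEthernet0/1 toward the
! analyzer. "bidirectional" is needed for outbound traffic to be exported
! as well; "mac-address" is the NIC of the host running Wireshark.
ip traffic-export profile CAPTURE-LAB
 interface FastEthernet0/1
 bidirectional
 mac-address 0000.5e00.5301
 incoming access-list EXPORT-FILTER
 outgoing access-list EXPORT-FILTER
!
! Apply the profile to the interface whose traffic is to be copied.
interface FastEthernet0/0
 ip traffic-export apply CAPTURE-LAB
```

`show ip traffic-export` reports the per-profile export counters, and `show processes cpu` gives the CPU utilization figure mentioned in the last reply.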
