Packet capture in 1841 Router

Unanswered Question
Mar 20th, 2009
User Badges:

Hi All,

I have CISCO 1841 Router. It is working perfectly.

I want to see / capture all the packets passing through / processed by the Router. I want to see the payload and details of the traffic.

I tried to take the logs. I am getting only the events happening in the firewall like source / destination address details, but not the payload. I want to capture these traffic and analyse it using protocol analyzer tools like Ethereal / Wireshark.

I am able to do this in ASA firewall using "capture" command. How to achieve this in Cisco Router

Kindly help me.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Richard Burts Fri, 03/20/2009 - 08:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


It is very nice that the ASA has this capability. However the ASA is a very different OS from the 1841 router. I am not aware of any way to do a similar function on the 1841.



hclisschennai Fri, 03/20/2009 - 08:44
User Badges:


Any way is it possible to do this in Cisco Switches


Jerry Ye Fri, 03/20/2009 - 08:56
User Badges:
  • Cisco Employee,

Hi Kumar,

You can create a SPAN port on the Cisco switch with monitor session command and then use Wireshark to capture it. Cisco routers and switches do not have the capture feature like the FW's.



hclisschennai Fri, 03/20/2009 - 10:57
User Badges:

Hi Jerry,

I am going through Cisco Literatures and found two methods of doing packet capture in Routers.

Method 1: traffic-export

Method 2: EPC ( Embedded Packet Capturing)

Do you any comment on this.?

What is the difference between these two?


Jerry Ye Fri, 03/20/2009 - 12:03
User Badges:
  • Cisco Employee,

Hi Kumar,

I have not use these feature. Just reading something off CCO - EPC is for the 7200 platform and only available to IOS 12.4(20)T or beyond.

However, traffic-export is an older feature. The concept of traffic-export is similar to netflow-export, where it required an external decoder/sniffer. I would think that monitoring the CPU utilization is a good idea when first turned on these features.




This Discussion