Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4674
Views
10
Helpful
7
Replies

Packet capture in 1841 Router

hclisschennai
Level 1
Level 1

‎03-20-2009 07:54 AM - edited ‎03-04-2019 04:01 AM

Hi All,

I have CISCO 1841 Router. It is working perfectly.

I want to see / capture all the packets passing through / processed by the Router. I want to see the payload and details of the traffic.

I tried to take the logs. I am getting only the events happening in the firewall like source / destination address details, but not the payload. I want to capture these traffic and analyse it using protocol analyzer tools like Ethereal / Wireshark.

I am able to do this in ASA firewall using "capture" command. How to achieve this in Cisco Router

Kindly help me.

regards,

R.B.Kumar

Labels:
0 Helpful
7 Replies 7

Richard Burts
Hall of Fame
Hall of Fame

‎03-20-2009 08:10 AM

R.B.Kumar

It is very nice that the ASA has this capability. However the ASA is a very different OS from the 1841 router. I am not aware of any way to do a similar function on the 1841.

HTH

Rick

HTH

Rick
0 Helpful

hclisschennai
Level 1
Level 1
In response to Richard Burts

‎03-20-2009 08:44 AM

Hi,

Any way is it possible to do this in Cisco Switches

R.B.Kumar

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to hclisschennai

‎03-20-2009 08:56 AM

Hi Kumar,

You can create a SPAN port on the Cisco switch with monitor session command and then use Wireshark to capture it. Cisco routers and switches do not have the capture feature like the FW's.

HTH,

jerry

0 Helpful

hclisschennai
Level 1
Level 1
In response to Jerry Ye

‎03-20-2009 10:57 AM

Hi Jerry,

I am going through Cisco Literatures and found two methods of doing packet capture in Routers.

Method 1: traffic-export

Method 2: EPC ( Embedded Packet Capturing)

Do you any comment on this.?

What is the difference between these two?

R.B.Kumar

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to hclisschennai

‎03-20-2009 12:03 PM

Hi Kumar,

I have not use these feature. Just reading something off CCO - EPC is for the 7200 platform and only available to IOS 12.4(20)T or beyond.

However, traffic-export is an older feature. The concept of traffic-export is similar to netflow-export, where it required an external decoder/sniffer. I would think that monitoring the CPU utilization is a good idea when first turned on these features.

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ip_traff_export_ps6350_TSD_Products_Configuration_Guide_Chapter.html

HTH,

jerry

Mark Yeates
Level 7
Level 7

‎03-20-2009 11:06 AM

R.B.Kumar

You could give IP Traffic Export Packet Capture at try. I have not used or tested this feature yet, but this may help.

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html#wp1051438

HTH,

Mark

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card