03-20-2009 07:54 AM - edited 03-04-2019 04:01 AM
Hi All,
I have CISCO 1841 Router. It is working perfectly.
I want to see / capture all the packets passing through / processed by the Router. I want to see the payload and details of the traffic.
I tried to take the logs. I am getting only the events happening in the firewall like source / destination address details, but not the payload. I want to capture these traffic and analyse it using protocol analyzer tools like Ethereal / Wireshark.
I am able to do this in ASA firewall using "capture" command. How to achieve this in Cisco Router
Kindly help me.
regards,
R.B.Kumar
03-20-2009 08:10 AM
R.B.Kumar
It is very nice that the ASA has this capability. However the ASA is a very different OS from the 1841 router. I am not aware of any way to do a similar function on the 1841.
HTH
Rick
03-20-2009 08:44 AM
Hi,
Any way is it possible to do this in Cisco Switches
R.B.Kumar
03-20-2009 08:56 AM
Hi Kumar,
You can create a SPAN port on the Cisco switch with monitor session command and then use Wireshark to capture it. Cisco routers and switches do not have the capture feature like the FW's.
HTH,
jerry
03-20-2009 10:57 AM
Hi Jerry,
I am going through Cisco Literatures and found two methods of doing packet capture in Routers.
Method 1: traffic-export
Method 2: EPC ( Embedded Packet Capturing)
Do you any comment on this.?
What is the difference between these two?
R.B.Kumar
03-20-2009 12:03 PM
Hi Kumar,
I have not use these feature. Just reading something off CCO - EPC is for the 7200 platform and only available to IOS 12.4(20)T or beyond.
However, traffic-export is an older feature. The concept of traffic-export is similar to netflow-export, where it required an external decoder/sniffer. I would think that monitoring the CPU utilization is a good idea when first turned on these features.
HTH,
jerry
03-20-2009 11:06 AM
R.B.Kumar
You could give IP Traffic Export Packet Capture at try. I have not used or tested this feature yet, but this may help.
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html#wp1051438
HTH,
Mark
03-20-2009 05:28 PM
Its rather clunky but it works in a pinch...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide