08-25-2010 03:26 AM - edited 03-10-2019 05:21 PM
Hi
I'm just installing ACS 5.1 for the first time and came across the tech dumptcp 'feature'.
This command seems to be almost completely useless for capturing packets at the ACS 5.1 OS!
It's not possible to specify a filter or capture the packets to disk. The only option that exists is the ability to specify the number of packets that are dumped to the console, which rather limits its usefulness, especially if you're SSHed in to ACS 5.1 in the first place.
tech dumptcp 0 count ?
<1-10000> Package count
Reading the command reference at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1039556 made me laugh. The tech author has demonstrated the command whilst SSHed in and all they've captured to screen are, surprise surprise, the SSH packets from their console session.
So - 2 questions:
1) Does anyone know of an alternative way within the ACS 5.1 host operating system to capture network packets whilst SSHed in?
2) Has anyone out there already raised a request with Cisco to enhance the tech dumptcp 'feature' by adding the ability to filter packets and capture to disk?
Thanks very much.
08-25-2010 01:01 PM
There is an enhancement CDETS open:
CSCtd13775: ACS5 and TCPDump/Sniffer functionality
08-31-2010 09:57 AM
Thanks very much for this answer. I did search the bug navigator for enhancement requests to 5.1 but must have forgotten to search for any that were already open for 5.0.