We all know that sometimes we need to see the packets. Often however, getting a packet capture in the right place, or spanning the right VLAN’s, can take time. To make capturing packets easier, many Cisco products allow packet captures to be done directly on the devices. This is a handy reference to "how to" documents for Cisco products that support packet capture.
On Cisco IOS, there is Enhanced Packet Capture (EPC):
On Cisco IOS-XE (ASR), EPC was introduced in 3.7.0:
For the 7600 platform, there is a similar concept called Mini Protocol, which extends EPC into the hardware forwarding path:
For the ASA, FWSM and PIX products, you can capture ingress and egress packets via the CLI and ADSM:
Additionally, you can capture packets which were dropped by the Accelerated Security Path (ASP) within the ASA and PIX by using a capture type of "asp-drop".
The Nexus platform has built in WireShark capability:
On the Wireless LAN Controller (WLC), you can trace packets to/from the CPU with the debug packet logging facility:
On the Cisco Unified Communications Manager (CUCM), Unity Connection (UC), Cisco Unified Presence Server (CUP), and Unified Contact Center Express (UCCX), packets can be captured on the Command Line Interface (CLI):
It is possible to capture packets on a PC connected to the back of a Cisco IP Phone:
The ACS 5.x can show you the text output of a standard TCPDump:
It's best to redirect that to a file when using SSH/telnet so you don't see your own management traffic, so "tech dumptcp 0 > my-cap.txt".