Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1124
Views
5
Helpful
2
Replies

Packet Capture from Cisco Routers

JustForVoice_2
Level 4
Level 4

‎12-29-2011 10:15 PM - edited ‎03-07-2019 04:06 AM

Hi all,

I am trying to find some method to troubleshoot problems using wireshark. what I am looking for is:

Configure Cisco router to capture the packets and store the output on the flash of the router. later on I can access the router and download if from the flash using

copy flash tftp.

Is there any way to do this?

is  there any similar method?

I read about:

Router IP Traffic Export Packet Capture Enhancements

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html

but I found the follwoing limitations:

  • The MAC address of the  device that is receiving the exported traffic must be on the same VLAN  or directly connected to one of the router interfaces. (Use the show arp command to determine the MAC address of device that is directly connected to an interface.)

  • The  outgoing interface for exported traffic must be Ethernet (10/100/1000).  (Incoming (monitored) traffic can traverse any interface.)

As you know, it is very difficult to access the router or to be in the same subnet if it is production router.

Labels:
0 Helpful
2 Replies 2

JustForVoice_2
Level 4
Level 4
In response to cadet alain

‎12-30-2011 08:29 PM

Thank you too much.

it looks very helpful, I will try to test and see if it is what I need.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card