Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Packet capture on RSP720,SUP720 & SUP32 using NETDR tool

 

Introduction:

 

Netdr is a tool available on a RSP720, Sup720 or Sup32 that allows one to capture packets on the RP or SP inband. The netdr command can be used to capture both Tx and Rx packets in the software switching path. This is not a substitute for ELAM as netdr does not capture packets handled in the hardware forwarding path.

 

To capture packets on the RP inband, the syntax for the command is

 

#debug netdr capture ?

acl (11) Capture packets matching an acl

and-filter (3) Apply filters in an and function: all must match

continuous (1) Capture packets continuously: cyclic overwrite

destination-ip-address (10) Capture all packets matching ip dst address

dstindex (7) Capture all packets matching destination index

ethertype (8) Capture all packets matching ethertype

interface (4) Capture packets related to this interface

or-filter (3) Apply filters in an or function: only one must match

rx (2) Capture incoming packets only

source-ip-address (9) Capture all packets matching ip src address

srcindex (6) Capture all packets matching source index

tx (2) Capture outgoing packets only

vlan (5) Capture packets matching this vlan number

 

 

Note: To capture packets on the SP inband you would run all the commands from the SP.

 

Note that several options are available and the numbers in parentheses to the right of each option indicate the order in which the options must be specified. Once the packets are captured they can be displayed with the command

 

show netdr capture

 

Options:

 

  • Using the continuous option, the switch will capture packets on the RP-inband continuously fill the entire capture buffer (4096 packets) and then start to overwrite the buffer in a FIFO fashion.
  • The tx and rx options will capture packets coming from the MSFC and going to the MSFC respectively.
  • The and-filter and the or-filter specify that an and or an or will be applied respectively to all of the options that follow. For example, if you use the syntax below, then both option #1 and option #2 must match for the packet to be captured. Similarly, if the or-filter is used either option #1 or option #2 or both must match for the packet to be captuered.

debug netdr and-filter option#1 option#2

 

  • The interface option is used to capture packets to or from the specified interface. The interface can be either an SVI or a L3 interface on the switch.
  • The vlan option is used to capture all packets in the specified VLAN. The VLAN specified can also be one of the internal VLANs associated with a L3 interface.
  • The srcindex and dstindex options are used to capture all packets matching the source ltl and destination ltl indices respectively. Note that the interface option above only allows the capture of packets to or from a L3 interface (SVI or physical). Using the srcindex or dstindex options allows the capture of Tx or Rx packets on a given L2 interface. The srcindex and dstindex options work with either L2 or L3 interface indices.
  • The ethertype option allows the capture of all packets matching the specified ethertype.
  • The source-ip-address and destination-ip-address options allow the capture of all packets matching the specified source or destination IP address respectively.
  • The acl option allows the specification of a numbered ACL in which packets can be matched at L3 or L4.

 

 

Example:

 

#debug netdr capture tx


#ping 10.10.10.2 repeat 100


(Ping was successful)

#show netdr capture
A total of 105 packets have been captured
The capture buffer wrapped 0 times
Total capture capacity: 4096 packets


------- dump of outgoing inband packet -------
interface NULL, routine draco2_fastsend
dbus info: src_vlan 0x3F1(1009), src_indx 0x102(258), len 0x40(64)
bpdu 0, index_dir 0, flood 0, dont_lrn 0, dest_indx 0x387(903)
00020000 03F16800 01020000 40000000 00117F00 00157F00 00100000 03870000
mistral hdr: req_token 0x0(0), src_index 0x102(258), rx_offset 0x74(116)
requeue 0, obl_pkt 0, vlan 0x3F1(1009)
destmac 00.11.21.B9.B0.C0, srcmac 00.00.00.00.AA.AA, protocol 0800
protocol ip: version 0x04, hlen 0x05, tos 0x00, totlen 46, identifier 8207
df 0, mf 0, fo 0, ttl 32, src 127.0.0.16, dst 127.0.0.21
udp src 68, dst 67 len 26 checksum 0xB8BC

------- dump of outgoing inband packet -------
interface Gi1/1, routine draco2_ibc_soutput
dbus info: src_vlan 0x3FB(1019), src_indx 0x380(896), len 0x76(118)
bpdu 0, index_dir 0, flood 0, dont_lrn 0, dest_indx 0x0(0)
00020000 03FB2800 03800000 76000000 00000000 00000000 00000000 00000000
mistral hdr: req_token 0x0(0), src_index 0x380(896), rx_offset 0x30(48)
requeue 0, obl_pkt 0, vlan 0x0(0)
destmac 00.0C.85.80.D2.80, srcmac 00.D0.04.C5.08.00, protocol 0800
layer 3 data: 45000064 04150000 FF018F6D 0A0A0A01 0A0A0A02 080057B7
002C0000 00000000 94269240 ABCDABCD ABCDABCD ABCDABCD
ABCDABCD ABCDABCD 000003FB 00000101 000043FA 0804

 


Note that 105 packets were captured indicating packets other than the ICMP echos are captured. This is to be expected since the tx option specifiesall packets transmitted by the MSFC. I have shown only two of the 105 packets captured. The second packet shown can be identified as one of the echo requests from 10.10.10.1 to 10.10.10.2. You can see the source and destination IP addresses in the eight-byte sequence 0A0A0A01 0A0A0A02.

Version history
Revision #:
2 of 2
Last update:
‎08-28-2017 10:23 PM
 
Labels (1)
Comments
Cisco Employee

Nice document