Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Packet capture in 1841 Router

Hi All,

I have CISCO 1841 Router. It is working perfectly.

I want to see / capture all the packets passing through / processed by the Router. I want to see the payload and details of the traffic.

I tried to take the logs. I am getting only the events happening in the firewall like source / destination address details, but not the payload. I want to capture these traffic and analyse it using protocol analyzer tools like Ethereal / Wireshark.

I am able to do this in ASA firewall using "capture" command. How to achieve this in Cisco Router

Kindly help me.

regards,

R.B.Kumar

7 REPLIES
Hall of Fame Super Silver

Re: Packet capture in 1841 Router

R.B.Kumar

It is very nice that the ASA has this capability. However the ASA is a very different OS from the 1841 router. I am not aware of any way to do a similar function on the 1841.

HTH

Rick

New Member

Re: Packet capture in 1841 Router

Hi,

Any way is it possible to do this in Cisco Switches

R.B.Kumar

Cisco Employee

Re: Packet capture in 1841 Router

Hi Kumar,

You can create a SPAN port on the Cisco switch with monitor session command and then use Wireshark to capture it. Cisco routers and switches do not have the capture feature like the FW's.

HTH,

jerry

New Member

Re: Packet capture in 1841 Router

Hi Jerry,

I am going through Cisco Literatures and found two methods of doing packet capture in Routers.

Method 1: traffic-export

Method 2: EPC ( Embedded Packet Capturing)

Do you any comment on this.?

What is the difference between these two?

R.B.Kumar

Cisco Employee

Re: Packet capture in 1841 Router

Hi Kumar,

I have not use these feature. Just reading something off CCO - EPC is for the 7200 platform and only available to IOS 12.4(20)T or beyond.

However, traffic-export is an older feature. The concept of traffic-export is similar to netflow-export, where it required an external decoder/sniffer. I would think that monitoring the CPU utilization is a good idea when first turned on these features.

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ip_traff_export_ps6350_TSD_Products_Configuration_Guide_Chapter.html

HTH,

jerry

Re: Packet capture in 1841 Router

R.B.Kumar

You could give IP Traffic Export Packet Capture at try. I have not used or tested this feature yet, but this may help.

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html#wp1051438

HTH,

Mark

New Member

Re: Packet capture in 1841 Router

3050
Views
10
Helpful
7
Replies