If you're tired of setting up SPAN sessions to capture network traffic transiting your network and Cisco router, it's time to start using Cisco's Embedded Packet Capture (EPC), available from IOS 12.4.20T and above.

We will show you how to configure Cisco's Embedded Packet Capture to capture packets transiting a Cisco router, save them to its flash disk or export them directly to an FTP/TFTP server for further analysis with the help of a packet analyzer such as Wireshark.

Finally, we've also included a number of useful Embedded Packet Capture troubleshooting commands to monitor the status of the capture points and memory buffer.

Let's take a look at some of the basic features offered by Embedded Packet Capture:

- Capture IPv4 and IPv6 packets in the Cisco Express Forwarding path.
- Ability to specify various capture buffer parameters.
- Export packet captures in PCAP format, enabling analysis with external tools such as Wireshark.
- Granularity of captured packets via Standard or Extended Access Control Lists (ACLs).

Figure 1.

Understanding Basic Embedded Packet Capture Terminology

Before we dive into the configuration of Cisco EPC, let's explain the two terms used during the EPC configuration: Capture Buffer & Capture Point. We'll use figure 1 to help illustrate the terms.

Capture Buffer

Capture buffer is an area in memory for holding packet data. There are two types of Capture Buffers: Linear and Circular.

- Linear Capture Buffer: When the capture buffer is full, it stops capturing data.
- Circular Capture Buffer: When the capture buffer is full, it continues capturing data by overwriting older data.

Capture Point

Capture point is a traffic transit point where a packet is captured. Capture points need to define the following:

- CEF (Cisco Express Forwarding) or Process-Switched.
- Interface, e.g. FastEthernet0, Dialer0, etc.
- Direction of traffic to the interface: in (ingress), out (egress) or both.

Configuring Cisco Embedded Packet Capture

EPC configuration is an easy five-step process.

Note: None of the below configuration commands, except the optional access lists (filters), will be stored in the router's running-configuration or startup-configuration.

Capturing packets between host 192.168.3.2 and Firewall.cx

Examining the diagram below, our goal is to capture ingress & egress packets on interface FastEthernet0 from workstation 192.168.3.2 to and from Firewall.cx:

Figure 2.
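The following sketch shows how a capture of traffic between 192.168.3.2 and Firewall.cx on FastEthernet0 could be set up with the IOS `monitor capture` commands; it is an added example, not configuration taken from the original article. The names EPC-FILTER, CAPBUF and CAPPOINT, the address 203.0.113.10 standing in for Firewall.cx, the TFTP server 192.0.2.50 and the grouping into five steps are all assumptions made for illustration.

```cisco
! Step 1 (optional): ACL filter. This is the only part that is stored
! in the running-configuration. 203.0.113.10 is a placeholder for Firewall.cx.
configure terminal
 ip access-list extended EPC-FILTER
  permit ip host 192.168.3.2 host 203.0.113.10
  permit ip host 203.0.113.10 host 192.168.3.2
 end
!
! Step 2: define the capture buffer (exec mode, not saved to the config).
! size is in KB, max-size is the number of bytes kept per packet.
! circular = overwrite the oldest packets when full; use linear to stop instead.
monitor capture buffer CAPBUF size 1024 max-size 1500 circular
monitor capture buffer CAPBUF filter access-list EPC-FILTER
!
! Step 3: define the capture point: CEF path, interface, direction.
monitor capture point ip cef CAPPOINT FastEthernet0 both
!
! Step 4: bind the capture point to the buffer and start capturing.
monitor capture point associate CAPPOINT CAPBUF
monitor capture point start CAPPOINT
!
! Check the state of the capture point and the buffer while it runs.
show monitor capture point all
show monitor capture buffer CAPBUF parameters
!
! Step 5: stop the capture, export it as PCAP for Wireshark,
! then clear the packet data left in router memory.
monitor capture point stop CAPPOINT
monitor capture buffer CAPBUF export tftp://192.0.2.50/epc-capture.pcap
monitor capture buffer CAPBUF clear
```

With max-size 1500 the exported file holds near-complete packet payloads, and TFTP carries it unauthenticated and in cleartext, so the export path and the stored PCAP deserve the same handling as any other sensitive capture.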