ip access-list extended CAP_ACL
permit ip host x host y
*** Setup buffer
monitor capture buffer CAP_BUFF circular
*** Filter the buffer with the ACL
monitor capture buffer CAP_BUFF filter access-list CAP_ACL
*** Setup the cap point and on what interface
monitor capture point ip cef CAP_POINT fa0/0 both
*** Assign the buffer to point
monitor capture point associate CAP_POINT CAP_BUFF
*** Show the setup
show monitor capture buffer CAP_BUFF
*** Start the cap
monitor capture point start CAP_POINT
*** Send the test traffic
send test traffic ping or telnet on the port etc
*** Stop the cap
monitor capture point stop CAP_POINT
*** show brief
show monitor capture buffer CAP_BUFF brief
*** export the capture to tftp server
monitor capture buffer CAP_BUFF export tftp://10.50.50.22/mycap.pcap
*** Open the pcap in wireshark
For 3850 - but it didn't work for me
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-16/epc-xe-16-book/nm-packet-capture-xe.html#GUID-DCB20ADF-1F8E-434B-AE97-54802879F34F
No comments:
Post a Comment