Packet capture from IOU
July 25, 2012
Packet capturing from a regular router works great, but how do you get a readable packet capture from IOU if you don’t want to deal with all the UNIX crap?
Here is a little tutorial on that:
=== 1-6 Copied directly from http://www.cciezone.com/?p=107 ===
- Define an ACL which specifies which traffic should be captured
- Create the capture buffer and set .pcap export location
#monitor capture buffer CAPTURE
#monitor capture buffer CAPTURE export unix:/capture.pcap
- Create the capture point
#monitor capture point ip process-switched CAPTURE both
- Associate the capture point with the capture buffer
#monitor capture point associate CAPTURE CAPTURE
- Start the capture point
#monitor capture point start CAPTURE
…Let traffic pass through the router…
- Stop the capture point
#monitor capture point stop CAPTURE
=== Get it from IOU to Wireshark ===
- Set terminal length to 0, so output doesn’t break with --More--
#terminal length 0
- In SecureCRT, go to Transfer > Receive ASCII and set file save location.
- Receive the entire file
#more unix:/capture.pcap
- In SecureCRT, uncheck Receive ASCII to stop the download.
- Use Notepad++ to join all the lines (Edit>Line Operations>Join Lines), then do a replace all on spaces with nothing to remove any spaces.
- Save file and open in Wireshark!
Happy capturing!
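A scripted version of the join-lines and strip-spaces step, with a check of the pcap global header before the file goes to Wireshark. This is an added example, not part of the original post. It assumes the received text holds the capture as hexadecimal digits and converts them to binary; the function names and the sample log are constructed.

```python
import struct

# pcap global-header magic values, as they appear in the first 4 bytes of the file
MAGICS = {
    bytes.fromhex("d4c3b2a1"): "<",  # little-endian, microsecond timestamps
    bytes.fromhex("a1b2c3d4"): ">",  # big-endian, microsecond timestamps
    bytes.fromhex("4d3cb2a1"): "<",  # little-endian, nanosecond timestamps
    bytes.fromhex("a1b23c4d"): ">",  # big-endian, nanosecond timestamps
}
HEX = set("0123456789abcdefABCDEF")

def rebuild_pcap(session_text):
    """Join the logged lines, drop spaces, decode the hex digits (assumed format)."""
    digits = []
    for line in session_text.splitlines():
        packed = "".join(line.split())       # same effect as replacing spaces with nothing
        if packed and set(packed) <= HEX:    # skip the echoed command and the prompt
            digits.append(packed)
    joined = "".join(digits)
    if len(joined) % 2:
        raise ValueError("odd number of hex digits: log is truncated or has stray text")
    return bytes.fromhex(joined)

def check_header(data):
    """Parse the 24-byte pcap global header; raise if this is not a pcap file."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("no pcap magic number at the start of the data")
    order = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}

# Constructed sample: echoed command, a header split over two lines, and a prompt.
SAMPLE_LOG = """Router#more unix:/capture.pcap
D4C3B2A1 02000400 00000000
00000000 FFFF0000 01000000
Router#"""

if __name__ == "__main__":
    pcap = rebuild_pcap(SAMPLE_LOG)
    print(check_header(pcap))
    with open("capture.pcap", "wb") as out:  # binary mode, unlike the terminal log
        out.write(pcap)
```

A `ValueError` from either function means the terminal log is incomplete or contains stray text, so the saved file is not a valid capture.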
Hi Sr
I want to build my virtual CCIE home Lab
Which is the best way to do it? I could give some advice on how to emulate the switches?
Thanks
Sorry, but I can’t answer your question. I have not yet had IOU emulate switches in a stable way. Even though people have been making lots of progress and providing more stable setups than previously available, it’s still prone to crashing. The only way I got it stable is with actual physical switches and USB-to-Ethernet adapters tied in with IOU and IOU emulating only routers. This is a somewhat accurate description of features that won’t work with IOU: http://www.routereflector.com/cisco/cisco-iou-web-interface/features-not-supported/