Displaying Packets From A .Pcap File With A Display Filter - Cisco Catalyst 4500 Series Configuration Manual

Chapter 56 Configuring Wireshark
00f0
4
20002
0000
0010
0020
0030
0040
0050

Displaying Packets from a .pcap File with a Display Filter

You can display the .pcap file packets output by entering:
Switch# show monitor capture file bootflash:mycap.pcap display-filter "ip.src ==
10.1.1.140" dump
1
20002
0000
0010
0020
0030
0040
0050
0060
0070
0080
0090
00a0
00b0
00c0
00d0
00e0
00f0
Usage Examples for Wireshark
Example 1: Simple Capture and Display
Let us say we want to monitor traffic in the Layer 3 interface Gigabit 3/1:
Step 1 Define a capture point to match on the relevant traffic by entering:
Switch# monitor capture mycap interface gi 3/1 in match ipv4 any any
Switch# monitor capture mycap limit duration 60 packets 100
Note
Step 2 Confirm that the capture point has been correctly defined by entering:
Switch# show monitor capture mycap parameter
monitor capture mycap interface GigabitEthernet3/1 in
monitor capture mycap match ipv4
OL-25340-01
c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 6c f8 dc 14
3.000000 10.1.1.143 -> 20.1.1.2
54 75 d0 3a 85 3f 00 00 00 00 03 01 08 00 45 00
00 ee 00 00 00 00 40 11 59 6d 0a 01 01 8f 14 01
01 02 4e 21 4e 22 00 da 6e 28 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
0.000000 10.1.1.140 -> 20.1.1.2
54 75 d0 3a 85 3f 00 00 00 00 03 01 08 00 45 00
00 ee 00 00 00 00 40 11 59 70 0a 01 01 8c 14 01
01 02 4e 21 4e 22 00 da 6e 2b 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45
46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55
56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65
66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75
76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85
86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95
96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5
a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5
b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5
c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 03 b0 7f 42
To avoid high CPU utilization, we have set a low packet count and duration as limits.
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
............l...
UDP Source port: 20001
Tu.:.?........E.
......@.Ym......
..N!N"..n(......
................
.......... !"#$%
&'()*+,-./012345
UDP Source port: 20001
Tu.:.?........E.
......@.Yp......
..N!N"..n+......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
...............B
any any
Usage Examples for Wireshark
Destination port:
Destination port:
56-17