Example: Capture And Store In Lock-Step Mode - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Usage Examples for Wireshark
11.000000
12.000000
Switch# monitor capture mycap start display detailed
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Ethernet II, Src: 00:00:00:00:03:01 (00:00:00:00:03:01), Dst: 54:75:d0:3a:85:3f
(54:75:d0:3a:85:3f)
Switch#
Example: Capture and Store in Lock-step Mode
This example captures live traffic and stores the packets in lock-step mode to achieve a high capture rate.
The capture rate might be slow for the first 15 seconds. If possible and needed, start the traffic 15 seconds
Note
after the capture session has started.
Define a capture point to match on the relevant traffic and associate it to a file by entering:
Step 1
Switch# monitor capture mycap interface gi 3/1 in match ipv4 any any
Switch# monitor capture mycap limit duration 60 packets 100
Switch# monitor cap mycap file location bootflash:mycap.pcap buffer-size 64
Confirm that the capture point has been correctly defined by entering:
Step 2
Switch# show monitor capture mycap parameter
monitor capture mycap interface GigabitEthernet3/1 in
monitor capture mycap match ipv4
monitor capture mycap file location bootflash:mycap.pcap buffer-size 64
monitor capture mycap limit packets 100000 duration 60
Switch# show monitor capture mycap
Target Type:
Interface: GigabitEthernet3/1, Direction: in
Status : Inactive
Filter Details:
IPv4
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
59-28
10.1.1.184 -> 20.1.1.2
10.1.1.185 -> 20.1.1.2
Arrival Time: Apr 12, 2012 11:46:54.245974000 PDT
Epoch Time: 1334256414.245974000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Destination: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
Address: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 00:00:00:00:03:01 (00:00:00:00:03:01)
Address: 00:00:00:00:03:01 (00:00:00:00:03:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source IP:
any
Destination IP:
any
UDP Source port: 20001
UDP Source port: 20001
any any
Chapter 59
Configuring Wireshark
Destination port: 20002
Destination port: 20002
OL_28731-01
Advertisement
Chapters
Table of Contents
Troubleshooting
