Defining, Modifying, Or Deleting A Capture Point - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex

Hide thumbs Also See for Catalyst 4500 Series:

Administration manual (1814 pages)

Configuration manual (1610 pages)

Command reference manual (1230 pages)

1252

1253

1254

1255

1256

1257

1258

1259

1260

1261

1262

1263

1264

1265

1266

1267

1268

1269

1270

1271

1272

1273

1274

1275

1276

1277

1278

1279

1280

1281

1282

1283

1284

1285

1286

1287

1288

1289

1290

1291

1292

1293

1294

1295

1296

1297

1298

1299

1300

1301

1302

1303

1304

1305

1306

1307

1308

1309

1310

1311

1312

1313

1314

1315

1316

1317

1318

1319

1320

1321

1322

1323

1324

1325

1326

1327

1328

1329

1330

1331

1332

1333

1334

1335

1336

1337

1338

1339

1340

1341

1342

1343

1344

1345

1346

1347

1348

1349

1350

1351

1352

1353

1354

1355

1356

1357

1358

1359

1360

1361

1362

1363

1364

1365

1366

1367

1368

1369

1370

1371

1372

1373

1374

1375

1376

1377

1378

1379

1380

1381

1382

1383

1384

1385

1386

1387

1388

1389

1390

1391

1392

1393

1394

1395

1396

1397

1398

1399

1400

1401

1402

1403

1404

1405

1406

1407

1408

1409

1410

1411

1412

1413

1414

1415

1416

1417

1418

1419

1420

1421

1422

1423

1424

1425

1426

1427

1428

1429

1430

1431

1432

1433

1434

1435

1436

1437

1438

1439

1440

1441

1442

1443

1444

1445

1446

1447

1448

1449

1450

1451

1452

1453

1454

1455

1456

1457

1458

1459

1460

1461

1462

1463

1464

1465

1466

1467

1468

1469

1470

1471

1472

1473

1474

1475

1476

1477

1478

1479

1480

1481

1482

1483

1484

1485

1486

1487

1488

1489

1490

1491

1492

1493

1494

1495

1496

1497

1498

1499

1500

1501

1502

1503

1504

1505

1506

1507

1508

1509

1510

1511

1512

1513

1514

1515

1516

1517

1518

1519

1520

1521

1522

1523

1524

1525

1526

1527

1528

1529

1530

1531

1532

1533

1534

1535

1536

1537

1538

1539

1540

1541

1542

1543

1544

1545

1546

1547

1548

1549

1550

1551

1552

1553

1554

1555

1556

1557

1558

1559

1560

1561

1562

1563

1564

1565

1566

1567

1568

1569

1570

1571

1572

1573

1574

1575

1576

1577

1578

1579

1580

1581

1582

1583

1584

1585

1586

1587

1588

1589

1590

1591

1592

1593

1594

1595

1596

1597

1598

1599

1600

1601

1602

1603

1604

1605

1606

1607

1608

1609

1610

1611

1612

1613

1614

1615

1616

1617

1618

1619

1620

1621

1622

1623

1624

1625

1626

1627

1628

1629

1630

1631

1632

1633

1634

1635

1636

1637

1638

1639

1640

1641

1642

1643

1644

1645

1646

1647

1648

1649

1650

1651

1652

1653

1654

1655

1656

1657

1658

1659

1660

1661

1662

1663

1664

1665

1666

1667

1668

1669

1670

1671

1672

1673

1674

1675

1676

1677

1678

1679

1680

1681

1682

1683

1684

1685

1686

1687

1688

1689

1690

1691

1692

1693

1694

1695

1696

1697

1698

1699

1700

1701

1702

1703

1704

1705

1706

1707

1708

1709

1710

1711

1712

1713

1714

1715

1716

1717

1718

1719

1720

1721

1722

1723

1724

1725

1726

1727

1728

1729

1730

1731

1732

1733

1734

1735

1736

1737

1738

1739

1740

1741

1742

1743

1744

1745

1746

1747

1748

1749

1750

1751

1752

1753

1754

1755

1756

1757

1758

1759

1760

1761

1762

1763

1764

1765

1766

1767

1768

1769

1770

1771

1772

1773

1774

1775

1776

1777

1778

1779

1780

1781

1782

1783

1784

1785

1786

1787

1788

1789

1790

1791

1792

1793

1794

1795

1796

1797

1798

1799

1800

1801

1802

1803

1804

1805

1806

1807

1808

1809

1810

1811

1812

1813

1814

1815

1816

1817

1818

1819

1820

1821

1822

1823

1824

1825

1826

1827

1828

1829

1830

1831

1832

1833

1834

1835

1836

1837

1838

1839

1840

1841

1842

1843

1844

1845

1846

1847

1848

1849

1850

1851

1852

1853

1854

1855

1856

1857

1858

1859

1860

1861

1862

1863

1864

1865

1866

1867

1868

1869

1870

1871

1872

1873

1874

1875

1876

1877

1878

1879

1880

1881

1882

1883

1884

1885

1886

1887

1888

1889

1890

1891

1892

1893

1894

1895

1896

1897

1898

1899

1900

1901

1902

1903

1904

1905

1906

1907

1908

1909

1910

1911

1912

1913

1914

1915

1916

1917

1918

1919

1920

1921

1922

1923

1924

1925

1926

1927

1928

1929

1930

1931

1932

1933

1934

1935

1936

1937

1938

1939

1940

1941

1942

1943

1944

1945

1946

1947

1948

1949

1950

1951

1952

1953

1954

1955

1956

1957

1958

1959

1960

1961

1962

1963

1964

1965

1966

1967

1968

1969

1970

1971

1972

1973

1974

1975

1976

1977

1978

1979

1980

1981

1982

1983

1984

1985

1986

1987

1988

1989

1990

1991

1992

1993

1994

1995

1996

1997

1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

2025

2026

2027

2028

2029

2030

2031

2032

2033

2034

2035

2036

2037

2038

2039

2040

2041

2042

2043

2044

2045

2046

2047

2048

2049

2050

2051

2052

2053

2054

2055

2056

2057

2058

2059

2060

2061

2062

2063

2064

2065

2066

2067

2068

2069

2070

2071

2072

2073

2074

2075

2076

2077

2078

2079

2080

2081

2082

2083

2084

2085

2086

Table of Contents

How to Configure Wireshark

Table 68-1

Feature

File size

Ring file storage

Buffer storage mode

Defining, Modifying, or Deleting a Capture Point

Although listed in sequence, the steps to specify values for the options can be executed in any order. You

can also specify them in one, two, or several lines. Except for attachment points, which can be multiple,

you can replace any value with a more recent value by redefining the same option, in the following order:

Step 1

Define the name that identifies the capture point.

Step 2

Specify the attachment point with which the capture point is associated.

Multiple attachment points can be specified. Range support is also available both for adding and

removing attachment points.

Step 3

Define the core system filter, defined either explicitly, through ACL or through a class map.

Step 4

Specify the session limit (in seconds or packets captured).

Step 5

Specify the packet segment length to be retained by Wireshark.

Specify the file association, if the capture point intends to capture packets rather than merely display

Step 6

them.

Step 7

Specify the size of the memory buffer used by Wireshark to handle traffic bursts.

To filter the capture point, use the following commands:

Command

[no] monitor capture mycap match {any | mac

mac-match-string | ipv4 ipv4-match-string | ipv6

ipv6-match-string}

[no] monitor capture mycap match mac {src-mac-addr

src-mac-mask | any | host src-mac-addr} | {dest-mac-addr

dest-mac-mask | any | host dest-mac-addr}

[no] monitor capture mycap match {ipv4 | ipv6}

[src-prefix/length | any | host src-ip-addr] [dest-prefix/length

| any | host dest-ip-addr]

[no] monitor capture mycap match {ipv4 | ipv6} proto

{tcp | udp} [src-prefix/length | any | host src-ip-addr] [eq |

gt | lt | neq <0-65535>] [dest-prefix/length | any | host

dest-ip-addr] [eq | gt | lt | neq <0-65535>]

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

68-12

Default Wireshark Configuration

Default Setting

No limit

Linear

Purpose

Defines an explicitly in-line core filter.

To remove the filter, use the no form of this command.

Specifies use of a filter for MAC.

To remove the filter, use the no form of this command.

Specifies a filter for IPv4/IPv6, use one of the formats.

To remove the filters, use the no form of this command.

Chapter 68

Configuring Wireshark

Table of Contents

Chapters

Table of Contents

Defining, Modifying, Or Deleting A Capture Point - Cisco Catalyst 4500 Series Software Configuration Manual

Defining, Modifying, or Deleting a Capture Point

Chapters

Troubleshooting

Related Manuals for Cisco Catalyst 4500 Series

Related Content for Cisco Catalyst 4500 Series

Table of Contents