Displaying Live Traffic On An Interface - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Displaying Live Traffic on an Interface

Displaying Live Traffic on an Interface
Use the packet display interface-name [snaplen length] [count count] [verbose] [expression
expression] command to display live traffic from an interface directly on your screen.
Press Ctrl-C to terminate the live display.
Note
The following options apply:
•
•
•
•
•
•
Executing the packet display command causes significant performance degradation.
Caution
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
9-2
interface-name—Logical interface name.
You can only use an interface name that exists in the system.
snaplen—Maximum number of bytes captured for each packet (optional).
The valid range is 68 to 1600. The default is 0. A value of 0 means use the required length to catch
whole packets.
count—Maximum number of packets to capture (optional).
The valid range is 1 to 10000.
Note If you do not specify this option, the capture terminates after the maximum file size is
captured.
verbose—Displays the protocol tree for each packet rather than a one-line summary (optional).
expression—Packet-display filter expression.
This expression is passed directly to TCPDUMP and must meet the TCPDUMP expression syntax.
Note The expression syntax is described in the TCPDUMP man page.
file-info—Displays information about the stored packet file.
File-info displays the following information:
Captured by: user:id, Cmd: cliCmd
Start: yyyy/mm/dd hh:mm:ss zone, End: yyyy/mm/dd hh:mm:ss zone or in-progress
Where
user = username of user initiating capture
id = user's CLI ID
cliCmd = command entered to perform the capture
Chapter 9 Displaying and Capturing Live Traffic on an Interface
78-16527-01