Friday, September 30, 2011

IOS Packet Captures

It's actually quite easy to do full packet captures with ACL Filters on routers.  This is at times much better than relying on debugs to troubleshoot issues.  Here's how (in this case a SIP Signaling Packet Capture):

1. Create Traffic Profile.  Here, for SIP Signaling
!in config mode

ip access-list 123 permit udp any any eq 5060
ip access-list 123 permit tcp any any eq 5060

ip traffic-export profile SIP-CAP mode capture
   incoming access-list 123
   outgoing access-list 123

2. Apply to an interface
!in config mode
int g0/0
   ip traffic-export apply SIP-CAP

3. Capture the traffic
!in enable mode
 #traffic-export int g0/0 clear
 #traffic-export int g0/0 start
 #traffic-export int g0/0 stop

4. Export the CAP to a server using ftp or tftp
!in enable mode
 #traffic-export int g0/0 copy ftp://x.x.x.x/capture.pcap

Sunday, January 30, 2011

Packet Captures on Cisco UC Appliances

Sometimes it's not obvious about how to get things done on the Cisco Appliance platforms, especially if you're used to the Windows platforms.  But, you really can do everything you used to--you just do it differently.  For instance, to get a packet capture use the CLI and enter the following command:

utils network capture eth0 file Capture1 size all count 100000

Type CTRL-C to stop the capture.

Then, you can retrieve the packet capture by using RTMT (Real Time Monitoring Tool):

In RTMT, use the Collect Files tool.  Select Packet Capture Logs for the server.  The PCAP File will then download to your PC, and you can open it with Wireshark.

This will work with all of the Cisco UC Appliances.