Heres how i do it on IOS:
! in enable mode
! creates a circular buffer of up to 1024K
monitor capture buffer mybuffer size 1024 max-size 1024 circular
! Creates a capture point in this case subinterface 100 of Gig 0/1
monitor capture point ip cef mycapture gigabitethernet0/1.100 both
! Associte the buffer with the capture point
monitor capture point associate mycapture mybuffer
! Start the capture
monitor capture point start mycapture
! Stop the capture
monitor capture point stop mycapture
! show the capture (not particularly useful unless you can read hex)
show monitor cap buffer mybuffer dump
! often better to upload the capture to somewhere and use wireshark
monitor capture buffer mybuffer export tftp://10.0.0.1/mycapture.pcap
And on ASA
! this ACL can be used to filter what is captured
access-list captureacl permit ip any any
! This sets up the capture on the inside interface, to use a specific ACL.
! buffer size in bytes as well as circular-buffer are set
capture mycapture access-list captureacl interface inside buffer 100000 circular buffer
capture mycapture access-list captureacl interface inside buffer 100000 circular buffer
! Upload capture.
copy capture:mycapture tftp://10.0.0.1/mycapture.pcap
No comments:
Post a Comment