Introduction
The most important tool for troubleshooting the ACE is the built-in capture feature. This feature lets you capture live packets of the intended traffic in real time. The attributes of the packets to capture are defined by an ACL. The ACE buffers the captured packets, and you can copy the buffered contents to a file in Flash memory on the ACE or to a remote server. To avoid taxing ACE resources, it is recommended to use an ACL specific to the intended traffic for the capture. The result of the capture can be displayed via the CLI or exported for analysis with a packet capture utility such as Ethereal or Wireshark.
Packet Capture Details
The ACE captures packets subject to the following guidelines:
- One capture session is used per context
- Capture is triggered at flow setup
- Capture is configured on the client interface where the flow is received
Note: Probe traffic will not hit a security ACL, so ACLs cannot control the capture of those packets. Therefore, probe traffic cannot be captured by the packet capture utility.
If possible, you should capture packets using the ACE packet capturing utility before and after symptoms appear. Save the packet captures to a file.
Specific ACL
ACE-CAT/ADMIN(config)# access-list TEST ?
ethertype Configure access control for ethernet-traffic for the system
extended Configure access-control for IP traffic through the system
line Line-number at which this ACL entry should be entered
remark Specify remark/comment for the access-list
resequence Re-sequence access list
ACE-CAT/ADMIN(config)# access-list TEST extended permit tcp any 172.16.55.244 0.0.0.0
Start and Stop Capture
ACE-CAT/ADMIN# capture TEST ?
all Capture packets for all interfaces
interface Interface to listen
remove Remove the packet capture configuration
start Start packet capture
stop Stop packet capture
ACE-CAT/ADMIN# capture TEST all access-list TEST bufsize 500
ACE-CAT/ADMIN# capture TEST start
ACE-CAT/ADMIN# capture TEST stop
Displaying Capture Locally
ACE-CAT/ADMIN# show capture TEST detail
0001: msg_type: ACE_HIT
ace_id: 1048905 action_flag: 0x3
src_addr: 172.16.55.225 src_port: 42381
dst_addr: 172.16.55.244 dst_port: 80
l3_protocol: 0 l4_protocol: 6
message_hex_dump:
0x0000: 0001 0104 0010 0149 0000 0000 ac15 37e1 .......I......7.
0x0010: ac15 37f4 0609 0003 9205 0050 0000 0000 ..7........P....
0x0020: 000a 0000 05b4 0000 0010 0149 0300 0000 ...........I....
0x0030: 0000 0003 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0001 ........
0002: msg_type: CON_SETUP
con_id: 1442840600 out_con_id: 369098775
src_addr: 172.16.55.225 src_port: 42381
dst_addr: 172.16.55.244 dst_port: 80
l3_protocol: 0 l4_protocol: 6
message_hex_dump:
0x0000: 0001 0101 5600 0018 1600 0017 0000 0000 ....V...........
0x0010: ac15 37e1 ac15 37f4 0669 0003 9205 0050 ..7...7..i.....P
0x0020: d726 7afe 000b 0000 05b4 0100 1600 0017 .&z.............
0x0030: 0000 0000 0018 0480 2445 0000 0000 0000 ........$E......
0x0040: 0000 002c 1020 0010 05b4 0000 43e9 a82f ...,........C../
0x0050: 0000 0000 2975 7a2a 0000 0000 0010 0149 ....)uz*.......I
0x0060: 0000 0000 2975 7a2a 0000 0000 0000 0000 ....)uz*........
0x0070: ac15 37f1 ac15 37e1 0661 0004 0050 9205 ..7...7..a...P..
0x0080: 28d9 8502 000d 0000 05b4 0100 5600 0018 (...........V...
0x0090: 0000 0000 0018 0480 2445 0002 0000 0000 ........$E......
0x00a0: 0000 0000 0000 0000 05b4 0000 0000 0000 ................
0x00b0: 0000 0000 2975 7a2c 0000 0000 0010 0149 ....)uz,.......I
0x00c0: 0000 0000 2975 7a2c 0000 0000 ....)uz,....
<clipped>
Exporting Capture
ACE-CAT/ADMIN# copy capture TEST disk0: TEST.cap
ACE-CAT/ADMIN# dir disk0:
17092 May 26 00:48:29 2000 TEST.cap*
Usage for disk0: filesystem
1441792 bytes total used
9722880 bytes free
11164672 bytes available
ACE-CAT/ADMIN# copy disk0:TEST.cap tftp:
Related Information
How to capture on the TenGigabit interface between the ACE module and the Catalyst
Capturing Packets in Real Time