
Using Packet Capture on ACE for Troubleshooting


 

 

Introduction

The most important tool in troubleshooting ACE is the built-in capture feature, which lets you capture live packets of the intended traffic in real time. The attributes of the packets to capture are defined by an ACL. The ACE buffers the captured packets, and you can copy the buffered contents to a file in Flash memory on the ACE or to a remote server. To avoid taxing ACE resources, use an ACL specific to the intended traffic for the capture. The result of the capture can be displayed via the CLI or exported and analyzed using a packet capture utility such as Ethereal or Wireshark.

 

Packet Capture Details

The ACE captures packets subject to the following guidelines:

  • One capture session is used per context
  • Capture is triggered at flow setup
  • Capture is configured on the client interface where the flow is received


Note: Probe traffic will not hit a security ACL, so ACLs cannot control the capture of those packets. Therefore, probe traffic cannot be captured by the packet capture utility.

If possible, you should capture packets using the ACE packet capturing utility before and after symptoms appear. Save the packet captures to a file.

 

Specific ACL

ACE-CAT/ADMIN(config)# access-list TEST ?

   ethertype   Configure access control for ethernet-traffic for the system

   extended    Configure access-control for IP traffic through the system

   line        Line-number at which this ACL entry should be entered

   remark      Specify remark/comment for the access-list

   resequence  Re-sequence access list

ACE-CAT/ADMIN(config)# access-list TEST extended permit tcp any 172.16.55.244 0.0.0.0

 

 

Start and Stop Capture

ACE-CAT/ADMIN# capture TEST ?

   all        Capture packets for all interfaces

   interface  Interface to listen

   remove     Remove the packet capture configuration

   start      Start packet capture

   stop       Stop packet capture

ACE-CAT/ADMIN# capture TEST all access-list TEST bufsize 500

ACE-CAT/ADMIN# capture TEST start

ACE-CAT/ADMIN# capture TEST stop

 

 

Displaying Capture Locally

ACE-CAT/ADMIN# show capture TEST detail

0001: msg_type: ACE_HIT

ace_id: 1048905                 action_flag: 0x3

src_addr: 172.16.55.225            src_port: 42381

dst_addr: 172.16.55.244            dst_port: 80

l3_protocol: 0          l4_protocol: 6

message_hex_dump:

0x0000: 0001 0104 0010 0149 0000 0000 ac15 37e1  .......I......7.

0x0010: ac15 37f4 0609 0003 9205 0050 0000 0000  ..7........P....

0x0020: 000a 0000 05b4 0000 0010 0149 0300 0000  ...........I....

0x0030: 0000 0003 0000 0000 0000 0000 0000 0000  ................

0x0040: 0000 0000 0000 0001                      ........

 

0002: msg_type: CON_SETUP

con_id: 1442840600       out_con_id: 369098775

src_addr: 172.16.55.225            src_port: 42381

dst_addr: 172.16.55.244            dst_port: 80

l3_protocol: 0          l4_protocol: 6

message_hex_dump:

0x0000: 0001 0101 5600 0018 1600 0017 0000 0000  ....V...........

0x0010: ac15 37e1 ac15 37f4 0669 0003 9205 0050  ..7...7..i.....P

0x0020: d726 7afe 000b 0000 05b4 0100 1600 0017  .&z.............

0x0030: 0000 0000 0018 0480 2445 0000 0000 0000  ........$E......

0x0040: 0000 002c 1020 0010 05b4 0000 43e9 a82f  ...,........C../

0x0050: 0000 0000 2975 7a2a 0000 0000 0010 0149  ....)uz*.......I

0x0060: 0000 0000 2975 7a2a 0000 0000 0000 0000  ....)uz*........

0x0070: ac15 37f1 ac15 37e1 0661 0004 0050 9205  ..7...7..a...P..

0x0080: 28d9 8502 000d 0000 05b4 0100 5600 0018  (...........V...

0x0090: 0000 0000 0018 0480 2445 0002 0000 0000  ........$E......

0x00a0: 0000 0000 0000 0000 05b4 0000 0000 0000  ................

0x00b0: 0000 0000 2975 7a2c 0000 0000 0010 0149  ....)uz,.......I

0x00c0: 0000 0000 2975 7a2c 0000 0000            ....)uz,....

 

<clipped>
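
To summarise a long `show capture TEST detail` listing offline, the following added example (not part of the original article and not a Cisco tool) parses the record layout shown above and groups the message types seen per flow. The sample text is constructed from the output above, the function names are this example's own, and because the article does not define what each msg_type means, the script only reports which ones appear.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown above; record 0003 is invented for the demo.
SAMPLE = """\
0001: msg_type: ACE_HIT
ace_id: 1048905                 action_flag: 0x3
src_addr: 172.16.55.225            src_port: 42381
dst_addr: 172.16.55.244            dst_port: 80
l3_protocol: 0          l4_protocol: 6
0x0000: 0001 0104 0010 0149 0000 0000 0000 0000  .......I........
0002: msg_type: CON_SETUP
con_id: 1442840600       out_con_id: 369098775
src_addr: 172.16.55.225            src_port: 42381
dst_addr: 172.16.55.244            dst_port: 80
l3_protocol: 0          l4_protocol: 6
0003: msg_type: ACE_HIT
src_addr: 172.16.55.226            src_port: 50112
dst_addr: 172.16.55.244            dst_port: 443
l3_protocol: 0          l4_protocol: 6
"""

RECORD_START = re.compile(r"^(\d{4}): msg_type: (\S+)")
FIELD = re.compile(r"(\w+): (\S+)")           # "name: value" pairs on one line
HEX_LINE = re.compile(r"^0x[0-9a-fA-F]{4}:")  # hex-dump rows are skipped
L4_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers

def parse_capture(text):
    """Return one dict per numbered record; blank and hex-dump lines are ignored."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if (start := RECORD_START.match(line)):
            records.append({"seq": int(start.group(1)), "msg_type": start.group(2)})
        elif records and not HEX_LINE.match(line):
            records[-1].update(FIELD.findall(line))
    return records

def message_types_by_flow(records):
    """Map (proto, src, sport, dst, dport) to the message types seen, in order."""
    flows = defaultdict(list)
    for r in records:
        if {"src_addr", "src_port", "dst_addr", "dst_port"} <= r.keys():
            proto = L4_NAMES.get(r.get("l4_protocol"), r.get("l4_protocol"))
            key = (proto, r["src_addr"], int(r["src_port"]), r["dst_addr"], int(r["dst_port"]))
            flows[key].append(r["msg_type"])
    return dict(flows)

if __name__ == "__main__":
    print(message_types_by_flow(parse_capture(SAMPLE)))
```
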

 

 

Exporting Capture

ACE-CAT/ADMIN# copy capture TEST disk0: TEST.cap

ACE-CAT/ADMIN# dir disk0:

 

    17092  May 26 00:48:29 2000 TEST.cap*

 

           Usage for disk0: filesystem

                     1441792 bytes total used

                     9722880 bytes free

                    11164672 bytes available

 

ACE-CAT/ADMIN# copy disk0:TEST.cap tftp:

 

 

Related Information

How to capture on the TenGigabit interface between the ACE module and the Catalyst

Capturing Packets in Real Time
