Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3587
Views
0
Helpful
3
Replies

Cisco 9200L Packet Capture with CLI

Jan2000
Level 1
Level 1

‎02-27-2020 05:59 AM

Hi,

i work with a Cisco 9200L and i want to capture the traffic.

i can display the traffic with

 

1.
Device# debug platform software fed switch active packet-capture start
Punt packet capturing started.


Device# debug platform software fed switch active packet-capture stop
Punt packet capturing stopped. Captured 101 packet(s)

 

2.show platform software fed switch active punt packet-capture display detailed

But how can i safe this on a usb stick?

 

Labels:
0 Helpful
3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

‎02-27-2020 08:17 AM - edited ‎02-27-2020 08:19 AM

Hi
use putty an capture the output to a test file on your desktop

go to logging in putty , select printable output in top right , select browse , chose an area to save to and hit apply

set the router/switch to terminal length 0 then run all the commands again , then go back to putty logging session hit none and apply , it will have saved to dekstop


https://itthatshouldjustwork.blogspot.com/2012/06/backup-cisco-configs-using-putty.html

then transfer to usb , it can be done in EEM to USB but you would have to write the script and then get to to transfer to flash or usb locally on the device

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to Mark Malone

‎02-27-2020 08:26 AM

heres an example you could probably tweak for EEM if you really wanted to get it into USB that way , its doing something similar , running show commands then dumping them into usb to be collected , just set the eem to run rather than waiting like the script to hit a high cpu issue remove the snmp part too , but its not far off, lot easier with putty though :)

event manager session cli username "MMALONE"
event manager applet HIGH_CPU
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3.1 get-type exact entry-op ge entry-val "80" poll-interval 30
action 0.0 syslog msg "High CPU Detected"
action 0.1 cli command "enable"
action 0.2 cli command "show clock | append USB1:HIGH_CPU.txt"
action 0.3 cli command "debug platform packet all buffer | append USB1:HIGH_CPU.txt "
action 0.4 cli command "show logging | append USB1:HIGH_CPU.txt "
action 0.5 cli command "show process cpu sorted | append USB1:HIGH_CPU.txt "
action 0.6 cli command "show process cpu history | append USB1:HIGH_CPU.txt"
action 0.7 cli command "show buffers| append USB1:HIGH_CPU.txt"
action 0.8 cli command "show platform health | append USB1:HIGH_CPU.txt "
action 0.9 cli command "show platform cpu packet statistics all | append USB1:HIGH_CPU.txt "
action 1.0 cli command "show platform cpu packet buffered | append USB1:HIGH_CPU.txt "
action 1.1 cli command "debug platform packet all count | append USB1:HIGH_CPU.txt "
action 1.2 cli command "show spanning-tree detail | append USB1:HIGH_CPU.txt "
action 1.3 cli command "u all"
0 Helpful

ip_guy
Level 1
Level 1

‎02-28-2020 12:04 AM

Hi Jan,

You can also use SecureCRT terminal software and collect specific traffic that you wish. It is very easy and simple. You have in attachment print screen of my Log Session. Just before you click on Log Session you have to set first TERM LENGTH 0 in privilege mode (#) and then use Log Session from taskbar menu.

When you finish with capturing traffic, you have to again click on Log Session to stop capturing.

I hope that I help you.

Have a nice day.

Milos

 

 

Preview file
30 KB
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card