cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
169
Views
5
Helpful
5
Replies
Highlighted
Beginner

tcpdump equivalent

Hi,

is there any tcpdump like equivalent command for cisco. i want to see live packets on CLI.

5 REPLIES 5
VIP Advisor

Re: tcpdump equivalent

Hi there,

There is EPC for most switches:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html

 

...and a similar function on the ASA firewalls.

Both allow you to read the contents of the buffer, but not do great analysis. For that you need to export the buffers to PCAP and feed into wireshark off-box.

 

There isn't anything like the monitor traffic interface command from Junos.

 

cheers,

Seb.

Beginner

Re: tcpdump equivalent

can you tell me from your experience that if it is CPU intensive

VIP Advisor

Re: tcpdump equivalent

In my experience you are normally performing packet captures on fairly sizeable switches/ firewalls so the capture process has very little impact.

 

If the devices which you are looking at do not have the feature to save monitor sessions to internal buffers, you also have SPAN:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/network_management/configuration_guide/b_nm_3se_3850_cg/b_nm_3se_3850_cg_chapter_0111.html

 

Keep in mind that will be caveats/ limitations depending on platform, but it is at least available on every cisco switching platform.

 

cheers,

Seb.

Beginner

Re: tcpdump equivalent

The problem is device is in Calgary and i am in Toronto and it doesn't support EPC. 

VIP Advisor

Re: tcpdump equivalent

….in which case ERSPAN is probably not available on your device either.

 

What is the device you are trying to capture on?  Is the host traffic which is being captured routed on a device that supports EPC further upstream?

 

If not, then your best option is to have someone connect a laptop locally to the switch and configure a SPAN port which you can capture directly from.

 

cheers,

Seb.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards