cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
26631
Views
8
Helpful
5
Replies

tcpdump equivalent

reashad
Level 1
Level 1

Hi,

is there any tcpdump like equivalent command for cisco. i want to see live packets on CLI.

5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

There is EPC for most switches:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html

 

...and a similar function on the ASA firewalls.

Both allow you to read the contents of the buffer, but not do great analysis. For that you need to export the buffers to PCAP and feed into wireshark off-box.

 

There isn't anything like the monitor traffic interface command from Junos.

 

cheers,

Seb.

can you tell me from your experience that if it is CPU intensive

In my experience you are normally performing packet captures on fairly sizeable switches/ firewalls so the capture process has very little impact.

 

If the devices which you are looking at do not have the feature to save monitor sessions to internal buffers, you also have SPAN:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/network_management/configuration_guide/b_nm_3se_3850_cg/b_nm_3se_3850_cg_chapter_0111.html

 

Keep in mind that will be caveats/ limitations depending on platform, but it is at least available on every cisco switching platform.

 

cheers,

Seb.

The problem is device is in Calgary and i am in Toronto and it doesn't support EPC. 

….in which case ERSPAN is probably not available on your device either.

 

What is the device you are trying to capture on?  Is the host traffic which is being captured routed on a device that supports EPC further upstream?

 

If not, then your best option is to have someone connect a laptop locally to the switch and configure a SPAN port which you can capture directly from.

 

cheers,

Seb.

Review Cisco Networking for a $25 gift card