Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
903
Views
0
Helpful
3
Replies

Need to monitor traffic on old cisco router

travishead28535
Level 1
Level 1

‎11-26-2020 09:06 PM

 have an old 2800 series router with ios 12.4(10) that I need to monitor traffic on an interface. The issue is the version of ios installed doesn't support traffic capture. I would love to update ios, but I'm not the one running the project. I didn't find any methods for capturing my version of ios.

My solution was to run a TCP dump on the node to the switch. The only problem is, that server doesn't have a TCP dump and I cannot install it. The next solution is to compile from source and run TCP dump from USB (proving to be a bit tricky). My next approach is to remotely log into the router, view the traffic, and save it to a file. I don't know the command to do that unfortunately and all the commands on the cisco support site are for newer ios versions.

I'm no networking guru and I'm very unfamiliar with ios commands. I need a way to monitor the traffic between the node and the Nox router.

FYI:

When I say monitor, I mean I want to see the header, destination, port, etc., not just a packet accounting.

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-26-2020 11:35 PM

Hello @travishead28535 ,

if the router interface is a LAN interface you can connect it to a Catalyst switch and use the SPAN feature on the switch to get the traffic entering/exiting the router interface copied to the SPAN destination port where you connect a PC or laptop with Wiresharkk running.

This was the way we did things before the introduction of embedded packet capture feature.

 

follow the instructions in the link below

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html?dtid=osscdc000283

 

other vendors call this feature port mirroring

 

Hope to help

Giuseppe

 

 

0 Helpful

Georg Pauwen
VIP
VIP

‎11-27-2020 12:13 AM

Hello,

 

if you just have a router, there used to be RITE (Router IP Traffic Export), not sure if that is available in your IOS version. If it is, you could use that in combination with Wireshark installed on your client connected to a router interface.

 

https://networklessons.com/cisco/ccie-routing-switching/router-ip-traffic-export-rite

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎11-27-2020 12:17 AM

I am not sure whether this model of router and version of code support netflow. But if they do this might be a way to get the header information (source port, destination port, etc) that you are looking for.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card