05-13-2024 06:54 AM
How can I fetch a packet capture from an AWS-deployed router and fetch it to my PC as a pcap?
05-13-2024 10:47 AM
Maybe TFTP / SCP?
05-13-2024 02:34 PM
Hi,
Use EPC (Embedded Packet Capture) with "monitor capture" commands and export to a .pcap on the local disk (bootflash).
Most probably you have access to the device via SSH, so SCP will work for you. If for some reason you manage it only locally, you can create a guestshell inside the router and export the .pcap capture file to S3 (your EC2 machine, i.e. the router, will need an IAM role to access S3).
Above is described in this doc:
Basically, a guest Linux shell is created which has its own IP, and the router is the next hop for that "Linux box" (virtually, in the background, which is 192.168.x.x in the doc). This virtual interface is then NAT-ed to the outside interface over which S3 is reachable (that outside interface should be in a "public subnet", which means you have a public IP for that interface via the IGW, or in a "private subnet" but with a NAT GW enabled).
If you also don't have internet access from the router (the router is in a private subnet without NAT), then you may deploy an S3 gateway endpoint (free) or an interface endpoint (costly).
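Added example, not part of the original reply and not taken from the referenced doc: the EPC-then-SCP path described above, written out as IOS-XE commands. The capture name CAP, the interface GigabitEthernet1, the buffer and duration limits, the file name and the `<user>` / `<router-ip>` placeholders are assumptions to adapt.

```cisco
! Constructed example; CAP, GigabitEthernet1, the limits and the file name
! are assumptions, not values from the thread.
!
! 1. Define the capture: both directions on the interface of interest.
monitor capture CAP interface GigabitEthernet1 both
! Narrow this match to the flows you need; a pcap holds payload data.
monitor capture CAP match ipv4 any any
! Bound the capture so it cannot exhaust memory or run unattended.
monitor capture CAP buffer size 10
monitor capture CAP limit duration 60
!
! 2. Run it, stop it, and confirm packets were captured.
monitor capture CAP start
monitor capture CAP stop
show monitor capture CAP buffer brief
!
! 3. Write the buffer to local disk as a .pcap file.
monitor capture CAP export bootflash:CAP.pcap
!
! 4. Enable the router's SCP server for the duration of the transfer.
configure terminal
 ip scp server enable
 end
!
! 5. On the PC (not on the router), pull the file over SSH:
!      scp -O <user>@<router-ip>:bootflash:CAP.pcap ./CAP.pcap
!    -O forces the legacy SCP protocol, needed when the OpenSSH client
!    defaults to SFTP mode.
!
! 6. Clean up: disable SCP again, remove the file and the capture point.
configure terminal
 no ip scp server enable
 end
delete /force bootflash:CAP.pcap
no monitor capture CAP
```

The SCP pull needs the same SSH reachability you already use to manage the router, so the security group must allow TCP/22 from your PC's address.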