Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
526
Views
0
Helpful
3
Replies

C9200 Embedded PCAP

BobGreer65666
Level 1
Level 1

‎06-27-2024 09:59 AM

Hi there,

Thanks for reading!

I ran a capture on a C9200 with these parameters and only captured one-way traffic.  I was trying to see if the server at the destination IP was responding and thought that 3rd line Direction: Both would reveal the traffic stream from both ends.  The capture only showed one-way traffic from the client at the source IP.  Here's the mon cap settings.  Did I prank myself?  

 
 

PCAP.jpg

 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎06-27-2024 10:28 AM

9300_54#monitor capture CAP interface x/x/x  in
9300_54#monitor capture CAP match host <server>
9300_54#monitor capture CAP start
9300_54#monitor capture CAP stop
9300_54#monitor capture CAP export location flash:cl.pcap
9300_54#sh monitor capture file flash:cl.pcap 

try this way 

MHM

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎06-27-2024 01:02 PM

Example from official guide always works for me.  (check the time you like to capture, more you leave it fill up flash and switch may not have enough space) chances are crashing the router. so setup the time how long you want to capture.

#monitor capture CL interface GigabitEthernet 1/0/2 both
#monitor capture CL match ipv4 any any
#monitor capture CL limit duration 60
#monitor capture CL file location flash:cl.cap
#monitor capture CL start display brief

#show monitor capture file flash:cl.cap brief
#show moni capture file flash:cl.cap packet-number 1 detailed | be Transmission

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Ruben Cocheno
Spotlight
Spotlight

‎06-27-2024 04:13 PM

@BobGreer65666 

Try to apply it to a physical port as Embedded Packet Capture (EPC) isn't supported on logical ports, which includes port channels, switch virtual interfaces (SVIs), and subinterfaces. It's supported only on physical ports.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-4/configuration_guide/nmgmt/b_174_nmgmt_9200_cg/configuring_packet_capture.html

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card