05-13-2015 10:59 PM - edited 03-08-2019 12:00 AM
Hi all,
I have been working on Packet Tracer and GNS3, which have incorporated packet capturing and tracing as part of their function.
This allows me to see and understand how the network traffic flows and troubleshoot if necessary.
However, in an actual life scenario, what would be the "recommended" or straightforward or most efficient way of capturing packets on interfaces and exporting them out to Wireshark for troubleshooting?
Can I just plug a server into a switch port and have another interface's traffic mirrored over and sent to the server?
Regards,
Noob
05-29-2015 05:18 PM
06-01-2015 01:22 PM
Could you clarify why my post was removed?
06-01-2015 02:06 PM
Post was deleted because a user was identified to be gaming the system by self-rating their own posts using secondary accounts. Unfortunately, several posts had to be removed.
We are currently reviewing other posts and will not hesitate to remove or block users who engage in misconduct on the Cisco Support Community.
06-01-2015 07:13 PM
So you're saying someone was self-rating their own posts and other innocent "bystander" posts had to be removed too?
06-02-2015 12:34 AM
Agreed with Joseph. I have no idea why the thread was deleted (there is no misconduct here).
Regards,
Noob
06-02-2015 03:25 AM
Maybe Joseph had already answered well, I'd have been very interested in his post :)
You could look at "spanning" a port to a sniffer, which in essence replicates the traffic to a "monitor" port. Some routers/switches have a mechanism (embedded packet capture) to do captures already, which outputs to a file in a location (you usually set it to xxxxx.pcap), and then you pull the file off via TFTP or something. On top of that, if EPC is not supported, a poor man's sniffer would be an ACL on an interface logging away the hits.
Examples:
SPAN http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html
EPC https://supportforums.cisco.com/document/139686/configuration-example-embedded-packet-capture-cisco-ios-and-ios-xe
Hope this helps.
Bilal
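An added example, not part of the original posts: for the ACL-logging fallback described above, this Python sketch turns Cisco IOS `%SEC-6-IPACCESSLOGP` / `%SEC-6-IPACCESSLOGDP` syslog lines into per-flow packet totals. The log lines are constructed samples, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the Cisco IOS %SEC-6-IPACCESSLOG* syslog format.
SAMPLE_LOG = """\
*Jun  2 03:25:01.120: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(51514) -> 198.51.100.5(443), 1 packet
*Jun  2 03:25:04.871: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.0.2.10(53211) -> 198.51.100.53(53), 1 packet
*Jun  2 03:25:09.002: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.0.2.77 -> 198.51.100.5 (8/0), 1 packet
*Jun  2 03:30:01.455: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(51514) -> 198.51.100.5(443), 37 packets
*Jun  2 03:30:02.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
"""

# TCP/UDP hits carry "(port)" after each address; ICMP hits carry "(type/code)".
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?(?: \((?P<icmp>\d+/\d+)\))?, "
    r"(?P<pkts>\d+) packets?"
)

def parse_acl_hits(text):
    """Return one dict per ACL log line; unrelated syslog lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = ACL_HIT.search(line)
        if m:
            hit = m.groupdict()
            hit["pkts"] = int(hit["pkts"])
            hits.append(hit)
    return hits

def packets_per_flow(hits):
    """Sum packet counts per (action, proto, src, dst, dst port or ICMP type/code)."""
    flows = Counter()
    for h in hits:
        service = h["dport"] or h["icmp"] or "-"
        flows[(h["action"], h["proto"], h["src"], h["dst"], service)] += h["pkts"]
    return flows

if __name__ == "__main__":
    for flow, pkts in packets_per_flow(parse_acl_hits(SAMPLE_LOG)).most_common():
        print(pkts, *flow)
```

ACL log entries carry header fields and aggregated packet counts only, not payloads, so this shows who talked to whom rather than what was sent.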
06-06-2015 05:50 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Hmm, I see Aglaia hasn't restored our posts. That would seem both a disservice to those of us who freely provide our time to provide them, and to the rest of the community that loses out on their content. If someone is scoring their own posts, instead of removing other users' innocent posts, that they also scored, couldn't you just remove their scores from our posts?
Regardless, I think my original post mentioned the later EPC feature, which Bilal also has since noted, but I recall I also mentioned a variation of SPAN, ESPAN, which, I found, allows you to direct its output, via L3, right to a host running something like Wireshark. Very handy! You do, though, need to be aware of the bandwidth it might consume, especially if you ESPAN a LAN port but your monitoring host is somewhere else across a lower-bandwidth WAN.
06-08-2015 08:09 AM
Thanks all,
No worries, I saved the answers in my notes already ;)