goalnsa.blogg.se

Wireshark capture packets from router








I look after multiple 'remote branch' type locations. These branches have internet connections which connect back to central hubs via DMVPN. Occasionally incidents happen at these locations which require investigation (a single client hogging bandwidth, suspicious activity, etc etc). Several tools exist already which do a reasonable job. Things like SNMP and netflow allow the gathering of statistics and endpoint addresses which can give insight to such problems, but often it would be useful to have more information such as a packet capture to specifically analyse packet headers or even packet contents of branch clients.

Solution:

Cisco provides a mechanism to capture packets on router interfaces in pcap format and then export this back to a TFTP server for analysis! A feature I was unaware of until a few days ago. This feature is known as 'capture monitor' and exists on the ISR series of routers I've been using. Below is an example of how to use such a feature. (If you wish to skip the full configuration skip to the bottom for a summary).

First, we define a buffer to store the packets we capture. This buffer is a space allocated in memory upon creation which we can then link to a capture point.

GRANT-897#show monitor capture buffer all parameters
Buffer Size : 1048576 bytes, Max Element Size : 68 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

As you can see, the default buffer size is 1MB in size and will capture the first 68 bytes of a packet. This is perfect for looking at packet headers but the actual content of the packets will be truncated if the length is greater than 68 bytes (which it will likely be).
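A check to run on an exported capture before analysing it, added here as an example and not part of the original post: it counts how many records were cut short by the Max Element Size. It assumes the export is a classic pcap file whose records store both the captured and the on-the-wire length; the function names and the sample capture are constructed for illustration.

```python
import struct
import sys

# Classic pcap magic (microsecond timestamps), little- and big-endian writers.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def truncation_report(data):
    """Return snaplen, packet count, truncated count and bytes missing from a pcap."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version major/minor, thiszone, sigfigs,
    # snaplen (the per-packet capture limit), link type.
    _, _, _, _, snaplen, _ = struct.unpack(endian + "HHiIII", data[4:24])
    offset, total, truncated, lost = 24, 0, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record runs past end of file")
        offset += incl_len
        total += 1
        if incl_len < orig_len:  # payload was cut off at capture time
            truncated += 1
            lost += orig_len - incl_len
    return {"snaplen": snaplen, "packets": total,
            "truncated": truncated, "bytes_lost": lost}

def build_sample(snaplen, wire_lengths):
    """Constructed sample input: zero-filled Ethernet packets cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, wire_len in enumerate(wire_lengths):
        kept = min(wire_len, snaplen)
        out += struct.pack("<IIII", i, 0, kept, wire_len) + bytes(kept)
    return out

if __name__ == "__main__":
    # With a file argument, inspect that capture; otherwise use the constructed
    # sample, which mimics the 68-byte default shown in the output above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            capture = fh.read()
    else:
        capture = build_sample(68, [60, 68, 1514, 590])
    print(truncation_report(capture))
```

A non-zero truncated count means header-level analysis is still possible for those packets, but payload inspection needs a capture taken with a larger element size.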








