IOS Packet Capture
IOS finally has a feature that it lacked in the past: the ability to easily capture packets travelling through the router and export the captured data in PCAP format, so that you can view it with third-party tools (like Wireshark). The packets can also be viewed locally on the router. The configuration example below shows how to enable packet capture (supported in IOS version 12.4(20)T):
Cisco-Router# monitor capture buffer mycapturedata size 128 max-size 128 circular
Cisco-Router# monitor capture point ip cef capturepoint1 fastEthernet 1/1 both
Cisco-Router# monitor cap point associate capturepoint1 mycapturedata
!Start the capture
Cisco-Router# monitor capture point start capturepoint1
!Stop the capture
Cisco-Router# monitor capture point stop capturepoint1
The configuration above first creates a capture circular buffer (mycapturedata) and a capture interface point (capturepoint1) on physical interface FastEthernet 1/1. Then you need to associate the capture point and the capture buffer.
Now, in order to view or export the captured data use the following commands:
Cisco-Router# show monitor capture buffer mycapturedata dump
Cisco-Router# monitor capture buffer mycapturedata export [location]
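To sanity-check an exported file before opening it in Wireshark, the following added example (not part of the original post) parses the PCAP records and counts IPv4 packets per source, destination and IP protocol. It assumes the export is a classic libpcap file with Ethernet link type; the function names are hypothetical and the sample bytes are constructed, not router output.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1     # assumption: capture point on an Ethernet interface

def summarize_pcap(data: bytes) -> Counter:
    """Count packets per (src, dst, ip_proto) in a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number reveals the byte order the writer used.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    flows, offset = Counter(), 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # last record cut short, e.g. an interrupted transfer
        # Ethernet II: EtherType at bytes 12-13, 0x0800 means IPv4
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            ip = frame[14:]
            key = (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9])
            flows[key] += 1
    return flows

def constructed_sample() -> bytes:
    """Constructed two-packet capture for testing (not real router output)."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    eth = bytes(12) + b"\x08\x00"
    ip = bytearray(20)
    ip[0], ip[9] = 0x45, 6  # IPv4 with a 20-byte header, protocol 6 (TCP)
    ip[12:16] = socket.inet_aton("192.0.2.10")
    ip[16:20] = socket.inet_aton("198.51.100.5")
    frame = eth + bytes(ip)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return hdr + rec + rec

if __name__ == "__main__":
    for flow, count in summarize_pcap(constructed_sample()).items():
        print(flow, count)
```

To check a real export, read the file in binary mode and pass its contents to `summarize_pcap`.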
IOS Auto Upgrade
From IOS version 12.4(15)T, there is a new feature for automatically upgrading your Cisco IOS images either directly from Cisco (IDA Server – Intelligent Download Application) or from a local TFTP/FTP server, as shown below:

The new auto upgrade feature also provides a “warm upgrade” option, which decompresses the new image and transfers control to it using the reload warm command. To set up auto upgrade, use the following commands:
Router# configure terminal
Router(config)# autoupgrade disk-cleanup crashinfo
Router(config)# autoupgrade ida url [enter the URL of the IDA Server]
Router(config)# autoupgrade status [email address] [smtp-server]
! Now issue the interactive mode command to step you through the upgrade process
Router# upgrade automatic
Hi,
I’m a Cisco newbie… beware.
I tried to find some more info about traffic capturing in IOS, and found this “http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html” in Cisco’s website.
Is that on Cisco’s website talking about the same thing?
The URL you mention will accomplish a similar thing to what I describe in my post. The IP traffic export is useful to send traffic to external devices like monitoring devices or IDS systems.
For the above packet capture to work, wouldn’t you also need:
Cisco-Router# monitor capture point start capturepoint1
and then, use:
Cisco-Router# monitor capture point stop capturepoint1
Dan,
Thanks for pointing this out. Yes, you definitely need to start and stop the capture.
cheers
This function has been around for some time. See the “ip traffic-export” command set introduced in the 12.3(4)T IOS release back in October 2003. This gives you plenty of functionality since you can define “interesting” traffic for the capture by associating incoming and outgoing access-list on what to capture.
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html