Networks Training

You are here: Home / Cisco Routers / IOS Packet Capture and Auto Upgrade

IOS Packet Capture and Auto Upgrade

Written By

IOS Packet Capture

Finally there is a feature that was missing from IOS in the past. This is the ability to easily capture packets travelling through the router, and export the captured data to PCAP format so that you can view it with third party tools (like Wireshark).

This feature is useful also when doing network bench marking to assess how the network behaves under high stress with traffic spikes etc. This can be tested using packet generator software tools for example.

The packets can also be viewed locally on the router. The configuration example below shows how to enable packet capture (supported in IOS version 12.4(20)T):

Cisco-Router# monitor capture buffer mycapturedata size 128 max-size 128 circular
Cisco-Router# monitor capture point ip cef capturepoint1fastEthernet 1/1 both
Cisco-Router# monitor cap point associate capturepoint1 mycapturedata
!Start the capture
Cisco-Router# monitor capture point start capturepoint1
!Stop the capture
Cisco-Router# monitor capture point stop capturepoint1

MORE READING:  Configuring EasyVPN Between Cisco Routers

The configuration above first creates a capture circular buffer (mycapturedata) and a capture interface point (capturepoint1) on physical interface FastEthernet 1/1. Then you need to associate the capture point and the capture buffer.

Now, in order to view or export the captured data use the following commands:

Cisco-Router# show monitor capture buffer mycapturedata dump
Cisco-Router# monitor capture buffer mycapturedata export [location]

IOS Auto Upgrade

From IOS version 12.4(15)T, there is a new feature for automaticaly upgrading your Cisco IOS images either directly from Cisco (IDA Server – Intelligent Download Application) or from a local TFTP/FTP server, as shown below:

cisco router auto upgrade feature

The new auto upgrade feature provides also a “warm upgrade” option which decompresses the new image and transfers control to it using the reload warm command. To set up auto upgrade, use the following commands:

Router# configure terminal
Router(config)# autoupgrade disk-cleanup crashinfo
Router(config)# autoupgrade ida url [enter the URL of the IDA Server] Router(config)# autoupgrade status [email address] [smtp-server]

MORE READING:  Explanation and Configuration of OSPF MD5 Authentication on Cisco Networks

! Now issue the interactive mode command to step you through the upgrade process
Router# upgrade automatic

Related Posts

Filed Under: Cisco Routers

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. Sanders says

    Hi,

    I’m a Cisco newbie… beware.

    I tried to find some more info about traffic capturing in IOS, and found this “http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html” in Cisco’s website.

    Is that on Cisco’s website talking about the same thing?

  2. BlogAdmin says

    The url you mention will accomplish similar thing with what I describe in my post. The IP traffic export is useful to send traffic to external devices like monitoring devices or IDS systems.

  3. Dan says

    For the above packet capture to work, wouldn’t you’d also need:

    Cisco-Router# monitor capture point start capturepoint1

    and then, use:

    Cisco-Router# monitor capture point stop capturepoint1

  4. Blog Admin says

    Dan,

    Thanks for pointing this out. Yes, you definitely need to start and stop the capture.

    cheers

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx