This repository is deprecated.

Simple_Packet_Capture

TCL script to automate Embedded Packet Capture (EPC) and ERSPAN in Cisco platforms

Upload capture_program.tcl to flash on the Cisco device:

     scp capture_program.tcl <username>@<deviceip>:capture_program.tcl

Create a Cisco alias so that the script runs as the exec command "wireshark":

     config t
     alias exec wireshark tclsh flash:capture_program.tcl

or, on devices whose file system is bootflash:

     config t
     alias exec wireshark tclsh bootflash:capture_program.tcl

Supported Platforms

CSR1000v, ASR1004, 3560, 3850, 4400, 4500 (sup-8), 9300, 9400.

Requires 15.X or later code; 16.x code is recommended. ERSPAN may be limited on older platforms.

Usage

     switch# wireshark

Examples:

     [syntax] wireshark <protocol> <source_ip:[port]> <dest_ip:[port]> <control|interface> <duration sec> <capture size MB> <packet-len>
              defaults: duration 20 sec, capture size 10 MB, packet-len 172 (mtu)
     wireshark ip any any
     wireshark ip 192.168.25.2 any
     wireshark ip 192.168.25.2 192.168.30.20 Gi1/0/1
     wireshark ip 192.168.25.2 192.168.30.20 Gi1/0/1 40 10
     wireshark ip 192.168.25.2 192.168.30.20 control 60 30

     wireshark tcp any any
     wireshark tcp 192.168.25.2 any:80
     wireshark tcp 192.168.25.2 192.168.30.20:443 Gi1/0/1
     wireshark tcp 192.168.25.2:443 192.168.30.20 Gi1/0/1 40 10 1500

     wireshark udp any any
     wireshark udp 192.168.25.2 any
     wireshark udp 192.168.25.2 192.168.30.20:53 Gi1/0/1
     wireshark udp 192.168.25.2:53 192.168.30.20 Gi1/0/1 40 10

     [syntax] wireshark erspan <protocol> <source_ip> <dest_ip> <collector ip> <monitor interface> <ERSPAN source ip> <max duration sec> <direction>
     wireshark erspan ip any any
     wireshark erspan ip any any 172.33.11.23 Gi1/0/1
     wireshark erspan ip any any 172.33.11.23 Gi1/0/1 2.2.2.2
     wireshark erspan ip any any 172.33.11.23 Gi1/0/1 2.2.2.2 50
     wireshark erspan ip any any 172.33.11.23 Gi1/0/1 2.2.2.2 50 rx
     wireshark erspan --debug tcp any any 172.33.11.23

     *** To display the pcap on the CLI:
     wireshark filter

     *** To see the commands the script runs on the device:
     wireshark --debug <protocol> <source_ip:[port]> <dest_ip:[port]> (followed by the remaining options)

     Supported platforms:
     CSR1000v, ASR1004, 3560, 3850, 4400, 4500 (sup-8), 9300, 9400
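The following Tcl is an added example, not the project's capture_program.tcl. It shows how the one-line "wireshark" syntax above can be expanded into the IOS commands that the --debug switch exists to reveal: an Embedded Packet Capture plan for the first syntax and an ERSPAN source-session plan for the "wireshark erspan" syntax. The names CAP and CAP_ACL, the ERSPAN session and id 1, and the export path are placeholders; the defaults follow the README (20 sec, 10 MB, packet-len 172; ERSPAN 50 sec, both directions). It is written for the Tcl 8.3 that IOS tclsh provides (so no lassign or {*}) and assumes IOS-XE 16.x keywords; the "packet-len" limit keyword and the ERSPAN "filter" line are assumptions that vary by platform, so run it with --debug and compare against the device's own syntax before relying on it.

```tcl
# Added example (not the project's capture_program.tcl): expand the README's
# "wireshark" arguments into EPC or ERSPAN commands.  CAP, CAP_ACL, session 1
# and flash:CAP.pcap are placeholders; defaults follow the README.
# Assumes IOS-XE 16.x keywords: "packet-len" (some platforms use
# "packet-length") and the ERSPAN "filter ip access-group" line are
# assumptions to confirm with --debug on each model.

# Turn "addr[:port]" into an extended-ACL endpoint ("any" stays "any").
proc acl_endpoint {spec} {
    set port ""
    if {[regexp {^([^:]+):(\d+)$} $spec -> addr port]} { set spec $addr }
    if {[string equal $spec any]} { set frag any } else { set frag "host $spec" }
    if {[string length $port]} { append frag " eq $port" }
    return $frag
}

# The 5-tuple filter as an ACL block; ports cannot go in EPC's inline match.
proc filter_acl {proto src dst} {
    return [list "ip access-list extended CAP_ACL" \
                 "permit $proto [acl_endpoint $src] [acl_endpoint $dst]"]
}

# EPC plan: list of {config cmdlist} / {exec cmdlist} steps in apply order.
# point is an interface name or "control" (control-plane capture).
proc epc_plan {proto src dst point {duration 20} {size 10} {pktlen 172}} {
    if {[string equal $point control]} {
        set attach "monitor capture CAP control-plane both"
    } else {
        set attach "monitor capture CAP interface $point both"
    }
    return [list \
        [list config [filter_acl $proto $src $dst]] \
        [list exec [list $attach \
            "monitor capture CAP access-list CAP_ACL" \
            "monitor capture CAP buffer size $size" \
            "monitor capture CAP limit duration $duration packet-len $pktlen" \
            "monitor capture CAP start"]]]
}

# Commands that end an EPC run and leave the pcap on flash for export.
proc epc_teardown {} {
    return [list [list exec [list "monitor capture CAP stop" \
                                  "monitor capture CAP export flash:CAP.pcap" \
                                  "no monitor capture CAP"]] \
                 [list config [list "no ip access-list extended CAP_ACL"]]]
}

# ERSPAN plan: mirror the monitor interface to the collector, filtered by the
# same ACL.  The session is config-mode only; remove it with
# "no monitor session 1" once maxdur seconds have elapsed.
proc erspan_plan {proto src dst collector monif origin {maxdur 50} {dir both}} {
    return [list \
        [list config [concat [filter_acl $proto $src $dst] [list \
            "monitor session 1 type erspan-source" \
            "source interface $monif $dir" \
            "filter ip access-group CAP_ACL" \
            "destination" \
            "erspan-id 1" \
            "ip address $collector" \
            "origin ip address $origin" \
            "no shutdown"]]]]
}

# Apply a plan on the device, or print it when debug is set.  In IOS tclsh,
# ios_config takes one or more config lines (kept together so that ACL and
# session sub-mode lines land in the right mode) and exec runs one exec-mode
# command; on a desktop Tcl these two commands do not exist, so use --debug.
proc apply_plan {plan debug} {
    foreach step $plan {
        set mode [lindex $step 0]
        set cmds [lindex $step 1]
        if {$debug} {
            foreach c $cmds { puts "$mode: $c" }
        } elseif {[string equal $mode config]} {
            eval ios_config $cmds
        } else {
            foreach c $cmds { exec $c }
        }
    }
}

# Entry point mirroring the README's alias: wireshark [erspan] [--debug] args...
set av $argv
set kind epc
set debug 0
if {[string equal [lindex $av 0] erspan]} { set kind erspan; set av [lrange $av 1 end] }
if {[string equal [lindex $av 0] --debug]} { set debug 1; set av [lrange $av 1 end] }
if {[string equal $kind erspan]} {
    if {[llength $av] < 6} { puts "usage: wireshark erspan <proto> <src> <dst> <collector> <monitor if> <erspan src ip> \[sec\] \[rx|tx|both\]"; exit 1 }
    set plan [eval erspan_plan $av]
} else {
    if {[llength $av] < 4} { puts "usage: wireshark <proto> <src\[:port\]> <dst\[:port\]> <interface|control> \[sec\] \[MB\] \[packet-len\]"; exit 1 }
    set plan [eval epc_plan $av]
}
apply_plan $plan $debug
```

With --debug the script only prints each planned line prefixed by the mode it would run in, which is the right way to audit what a capture helper will configure before letting it touch a production switch; the teardown plan in epc_teardown shows what has to be removed afterwards so that neither the capture point nor the filter ACL is left behind.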

Screenshots (images in the original README): Normal Run, Debug Run, ERSPAN Run, Help and Info.

Programming language: Tcl. License: GNU General Public License v3.0.