This is a summary view of output from the ethanalyzer local interface inband command. Use the 'detail' option for detailed protocol information. ^C can be used to abort and get the switch prompt back in the middle of a capture if required.

Use the 'capture-filter' option in order to select which packets to display or save to disk during capture. A capture filter maintains a high rate of capture while it filters. Because full dissection has not been done on the packets, the filter fields are predefined and limited.

Use the 'display-filter' option in order to change the view of a capture file (tmp file). A display filter uses fully dissected packets, so you can do very complex and advanced filtering when you analyze a network tracefile. However, the tmp file can fill quickly, since it first captures all packets and then displays only the desired packets.

In this example, 'limit-captured-frames' is set to 5. With the 'capture-filter' option, Ethanalyzer shows you five packets which match the filter 'host 10.10.10.2'. With the 'display-filter' option, Ethanalyzer first captures five packets then displays only the packets that match the filter 'ip.addr==10.10.10.2'.

The 'write' option lets you write the capture data to a file in one of the storage devices (such as bootflash or logflash) on the Cisco Nexus 7000 Series Switch for later analysis. The capture file size is limited to 10 MB.

An example Ethanalyzer command with a 'write' option is ethanalyzer local interface inband write bootflash: capture_file_name. An example of a 'write' option with 'capture-filter' and an output file name of 'first-capture' is:

When the capture data is saved to a file, the captured packets are, by default, not displayed in the terminal window. The 'display' option forces Cisco NX-OS to display the packets while it saves the capture data to a file.

The 'capture-ring-buffer' option creates multiple files after a specified number of seconds, a specified number of files, or a specified file size. Definitions of those options are in this screen shot:

The 'read' option lets you read the saved file on the device itself. You can also transfer the file to a server or a PC and read it with Wireshark or any other application that can read cap or pcap files.

The 'decode-internal' option reports internal information on how the Nexus 7000 forwards the packet. This information helps you understand and troubleshoot the flow of packets through the CPU.

Convert the NX-OS index to hexadecimal, then use the show system internal pixm info ltl x command in order to map the local target logic (LTL) index to a physical or logical interface.

Examples of Capture-filter Values

Capture Traffic to or from an IP Host
host 10.1.1.1

Capture Traffic to or from a Range of IP Addresses
net 172.16.7.0/24

src net 172.16.7.0 mask 255.255.255.0

Capture Traffic to a Range of IP Addresses
dst net 172.16.7.0/24
dst net 172.16.7.0 mask 255.255.255.0

Capture Traffic Only on a Certain Protocol - Capture Only DNS Traffic
DNS is the Domain Name System Protocol.
port 53

Capture Traffic Only on a Certain Protocol - Capture Only DHCP Traffic
DHCP is the Dynamic Host Configuration Protocol.
port 67 or port 68

Capture Traffic Not on a Certain Protocol - Exclude HTTP or SMTP Traffic
SMTP is the Simple Mail Transfer Protocol.