Date created: Monday, December 21, 2015 5:00:12 PM. Last modified: Thursday, August 13, 2020 4:11:01 PM
ASR1000 Embeded Packet Capture
References:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epc-xe-3s-asr1000-book/nm-packet-capture-xe.html
http://www.foxnetwork.ru/index.php/en/component/content/article/113-cisco-asr-sniffering.html
Generic Capture
monitor capture cb buffer size 1 limit pps 10000 duration 10 packet-len 2000 interface Hu2/0/0 both match ipv4 any any
show monitor capture cb
monitor capture cb start
monitor capture cb stop
show monitor capture cb buffer
show monitor capture cb buffer dump
monitor capture cb clear
no monitor capture cb
Capture with ACL
Packet capture of a subscriber pinging a loopback on an ASR that acts as an LNS. ASR/LNS IP is 111.22.22.111 and LAC/BRAS is 11.222.222.11. Subscriber is 1.2.3.4 (01020304) and loopback is 100.66.0.13 (6442000D).
lns(config)#ip access-list extended L2TP-ACL
lns(config-ext-nacl)#10 permit udp any any eq 1701
lns(config-ext-nacl)#20 permit udp any eq 1701 any
lns#show access-lists L2TP-ACL
Extended IP access list L2TP-ACL
10 permit udp any any eq 1701
20 permit udp any eq 1701 any
lns#monitor capture ?
WORD Name of the Capture
lns#monitor capture L2TP_Cap ?
access-list access-list to be attached
buffer Buffer options
class-map class name to attached
clear Clear Buffer
control-plane Control Plane
export Export Buffer
interface Interface
limit Limit Packets Captured
match Describe filters inline
start Enable Capture
stop Disable Capture
lns#monitor capture L2TP_Cap access-list L2TP-ACL interface gi0/0/0.201 both limit packets 10
lns#monitor capture L2TP_Cap start
lns#show monitor capture L2TP_Cap
Status Information for Capture L2TP_Cap
Target Type:
Interface: GigabitEthernet0/0/0.201, Direction: both
Status : Active
Filter Details:
Access-list: L2TP-ACL
Buffer Details:
Buffer Type: LINEAR (default)
Buffer Size (in MB): 10
Limit Details:
Number of Packets to capture: 10
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Maximum number of packets to capture per second: 1000
Packet sampling rate: 0 (no sampling)
lns#show monitor capture L2TP_Cap buffer
buffer size (KB) : 10240
buffer used (KB) : 128
packets in buf : 10
packets dropped : 0
packets per sec : 1
lns#show monitor capture L2TP_Cap
Status Information for Capture L2TP_Cap
Target Type:
Interface: GigabitEthernet0/0/0.201, Direction: both
Status : Inactive
Filter Details:
Access-list: L2TP-ACL
Buffer Details:
Buffer Type: LINEAR (default)
Buffer Size (in MB): 10
Limit Details:
Number of Packets to capture: 10
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Maximum number of packets to capture per second: 1000
Packet sampling rate: 0 (no sampling)
lns#show monitor capture L2TP_Cap buffer brief
-------------------------------------------------------------
# size timestamp source destination protocol
-------------------------------------------------------------
0 100 0.000000 11.222.222.11 -> 111.22.22.111 UDP
1 102 0.000000 111.22.22.111 -> 11.222.222.11 UDP
2 156 0.784007 11.222.222.11 -> 111.22.22.111 UDP
3 158 0.784007 111.22.22.111 -> 11.222.222.11 UDP
4 100 2.016005 11.222.222.11 -> 111.22.22.111 UDP
5 102 2.016005 111.22.22.111 -> 11.222.222.11 UDP
6 100 4.029997 11.222.222.11 -> 111.22.22.111 UDP
7 102 4.029997 111.22.22.111 -> 11.222.222.11 UDP
8 100 6.046994 11.222.222.11 -> 111.22.22.111 UDP
9 102 6.046994 111.22.22.111 -> 11.222.222.11 UDP
lns#show monitor capture L2TP_Cap buffer detailed
-------------------------------------------------------------
# size timestamp source destination protocol
-------------------------------------------------------------
.....
2 156 0.784007 11.222.222.11 -> 111.22.22.111 UDP
0000: 58F39C8A 8A00A80C 0D33A828 810000C9 X........3.(....
0010: 08004500 008A3CA3 0000F811 F0E60BDE ..E...<.......Q.
0020: DE0B6F16 166F06A5 06A50076 00000002 y<.........v....
0030: 4E7EDF6D FF030021 45000064 00160000 N~.m...!E..d....
3 158 0.784007 111.22.22.111 -> 11.222.222.11 UDP
0000: A80C0D33 A82858F3 9C8A8A00 810000C9 ...3.(X.........
0010: 08004500 008C0583 0000FF11 21056F16 ..E.........!...
0020: 166F0BDE DE0B06A5 06A50078 00000202 ..Q.y<.....x....
0030: 7E8CD889 0000FF03 00214500 00640016 ~........!E..d..
lns#show monitor capture L2TP_Cap buffer dump
.....
2
0000: 58F39C8A 8A00A80C 0D33A828 810000C9 X........3.(....
0010: 08004500 008A3CA3 0000F811 F0E60BDE ..E...<.......Q.
0020: DE0B6F16 166F06A5 06A50076 00000002 y<.........v....
0030: 4E7EDF6D FF030021 45000064 00160000 N~.m...!E..d....
0040: FF01C270 01020304 6442000D 0800BA12 ...pR.A.dB......
0050: 000A0000 00000000 192DAB00 ABCDABCD .........-......
0060: ABCDABCD ABCDABCD ABCDABCD ABCDABCD ................
0070: ABCDABCD ABCDABCD ABCDABCD ABCDABCD ................
0080: ABCDABCD ABCDABCD ABCDABCD ABCDABCD ................
0090: ABCDABCD ABCDABCD ABCDABCD ............
3
0000: A80C0D33 A82858F3 9C8A8A00 810000C9 ...3.(X.........
0010: 08004500 008C0583 0000FF11 21056F16 ..E.........!...
0020: 166F0BDE DE0B06A5 06A50078 00000202 ..Q.y<.....x....
0030: 7E8CD889 0000FF03 00214500 00640016 ~........!E..d..
0040: 0000FF01 C2706442 000D0102 03040000 .....pdB..R.A...
0050: C212000A 00000000 0000192D AB00ABCD ...........-....
0060: ABCDABCD ABCDABCD ABCDABCD ABCDABCD ................
0070: ABCDABCD ABCDABCD ABCDABCD ABCDABCD ................
0080: ABCDABCD ABCDABCD ABCDABCD ABCDABCD ................
0090: ABCDABCD ABCDABCD ABCDABCD ABCD ..............
Previous page: ASR920 Overview
Next page: ASR1000 Hardware Overview