1. Configure the capture
config terminal ip access-list extended CAP-FILTER permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 exit exit monitor capture CAP access-list CAP-FILTER buffer size 10 interface GigabitEthernet 0/0/0 both
2. Start the capture
monitor capture CAP start
3. Stop the capture
monitor capture CAP stop
4. Verify the capture is collecting packets
show monitor capture CAP buffer
Should see packets captured in the output:
Router#show monitor capture CAP buffer buffer size (KB) : 14336 buffer used (KB) : 128 packets in buf : 184 packets dropped : 0 packets per sec : 7
5. Collect the dump and decode it in the next step.
show monitor capture CAP buffer brief
Can be used to see a basic decode of the captured packetst:
Router#show monitor capture CAPi buffer brief ------------------------------------------------------------- # size timestamp source destination protocol ------------------------------------------------------------- 0 60 0.000000 10.7.7.130 -> 10.7.7.43 TCP 1 60 0.000992 10.7.7.43 -> 10.7.7.130 TCP 2 75 0.000992 10.7.7.43 -> 10.7.7.130 TCP 3 58 0.001999 10.7.7.130 -> 10.7.7.43 TCP 4 58 0.001999 10.7.7.130 -> 10.7.7.43 TCP 5 60 0.128000 10.7.7.130 -> 10.7.7.43 TCP 6 60 0.128992 10.7.7.43 -> 10.7.7.130 TCP
Or collect the full dump and decode it in the Dump Decoder tab above if more detailed analysis is necessary
terminal length 0 show monitor capture CAP buffer dump
6. Remove the capture and access list (ACL) if necessary:
no monitor capture CAP config terminal no ip access-list extended CAP-FILTER exit