Grodd

思科Cisco IOS XE 4K抓包配置总结

1、抓取控制平面数据包

Internet-R4331-1#monitor capture A control-plane both match mac any any limit packets 10 ##限制抓包数10个，抓满10个后自动停止抓包

Internet-R4331-1#monitor capture A start ##如果没抓满10个，可以手动使用stop停止抓包

Started capture point : A

Internet-R4331-1#show monitor capture A buffer brief

----------------------------------------------------------------------------

# size timestamp source destination dscp protocol

----------------------------------------------------------------------------

0 54 0.000000 10.16.64.67 -> 210.22.10.233 0 BE TCP

1 71 0.001007 10.16.64.67 -> 210.22.10.233 0 BE TCP

2 54 0.001007 10.16.64.67 -> 210.22.10.233 0 BE TCP

3 54 0.001007 210.22.10.233 -> 10.16.64.67 0 BE TCP

4 54 0.001999 210.22.10.233 -> 10.16.64.67 0 BE TCP

5 54 0.001999 10.16.64.67 -> 210.22.10.233 0 BE TCP

6 54 0.074001 10.16.15.44 -> 210.22.10.233 0 BE TCP

7 58 0.432976 210.22.10.234 -> 224.0.0.2 48 CS6 UDP

8 60 0.614974 00:1C:7F:80:A4:36 -> FF:FF:FF:FF:FF:FF -- ARP

9 450 0.826013 00:B6:70:DA:7A:A0 -> 01:00:0C:CC:CC:CC -- LLC

2、抓取接口特定数据包

Internet-R4331-1#monitor capture A int g0/0/0 out match ipv4 host 10.1.13.121 any limit packets 10 ##抓取来自10.1.133.121，经过g0/0/0接口出去的10个包

Internet-R4331-1#monitor capture A start

Started capture point : A

Internet-R4331-1#show monitor capture A buffer brief

----------------------------------------------------------------------------

# size timestamp source destination dscp protocol

----------------------------------------------------------------------------

0 88 0.000000 10.1.13.121 -> 10.253.17.125 0 BE TCP

1 66 0.017065 10.1.13.121 -> 10.253.17.125 0 BE TCP

2 88 15.010009 10.1.13.121 -> 10.253.17.125 0 BE TCP

3 88 15.018056 10.1.13.121 -> 10.253.17.125 0 BE TCP

4 66 15.026051 10.1.13.121 -> 10.253.17.125 0 BE TCP

5 66 15.034062 10.1.13.121 -> 10.253.17.125 0 BE TCP

6 88 30.018056 10.1.13.121 -> 10.253.17.125 0 BE TCP

7 88 30.035054 10.1.13.121 -> 10.253.17.125 0 BE TCP

8 66 30.035054 10.1.13.121 -> 10.253.17.125 0 BE TCP

9 66 30.051059 10.1.13.121 -> 10.253.17.125 0 BE TCP

3、查看抓包信息

Internet-R4331-1#show monitor capture A ##查看抓包配置

Status Information for Capture A

Target Type:

Interface: GigabitEthernet0/0/0, Direction: OUT

Status : Inactive

Filter Details:

IPv4

Source IP: host 10.1.13.121

Destination IP: any

Protocol: any

Buffer Details:

Buffer Type: LINEAR (default)

Buffer Size (in MB): 10

Limit Details:

Number of Packets to capture: 10

Packet Capture duration: 0 (no limit)

Packet Size to capture: 0 (no limit)

Maximum number of packets to capture per second: 1000

Packet sampling rate: 0 (no sampling)

Internet-R4331-1#show monitor capture A buffer brief

----------------------------------------------------------------------------

# size timestamp source destination dscp protocol

----------------------------------------------------------------------------

0 88 0.000000 10.1.13.121 -> 10.253.17.125 0 BE TCP

1 66 0.017065 10.1.13.121 -> 10.253.17.125 0 BE TCP

2 88 15.010009 10.1.13.121 -> 10.253.17.125 0 BE TCP

3 88 15.018056 10.1.13.121 -> 10.253.17.125 0 BE TCP

4 66 15.026051 10.1.13.121 -> 10.253.17.125 0 BE TCP

5 66 15.034062 10.1.13.121 -> 10.253.17.125 0 BE TCP

6 88 30.018056 10.1.13.121 -> 10.253.17.125 0 BE TCP

7 88 30.035054 10.1.13.121 -> 10.253.17.125 0 BE TCP

8 66 30.035054 10.1.13.121 -> 10.253.17.125 0 BE TCP

9 66 30.051059 10.1.13.121 -> 10.253.17.125 0 BE TCP

Internet-R4331-1#show monitor capture A buffer detailed ##通过详细信息，可以了解包的源目IP、MAC和端口等信息

----------------------------------------------------------------------------

# size timestamp source destination dscp protocol

----------------------------------------------------------------------------

0 88 0.000000 10.1.13.121 -> 10.253.17.125 0 BE TCP

0000: 001C7C80 A43600C6 70DA7A98 08004500 .....6..p.z...E.

0010: 004CDA6C 400CCE06 1B4D0A01 85790AFD .J.l@.>..M...y..

0020: ACCDCCE6 2CC85635 E8111785 00ED8018 .}../.V5........

0030: 05909144 00000101 080A285F EE00F7C9 ...D......(_....

Internet-R4331-1#show monitor capture A buffer dump ##抓包能获取HTTP返回值等信息