Cisco IOS EPC
Jul 20, 2017
Embedded Packet Capture (EPC) is a way to capture packets directly on a router. The captures can then be exported to a server (FTP, SCP, HTTP, etc.) for analysis in a program such as Wireshark. EPC requires IOS version 12.4(20)T or greater.
The commands below set up a capture on interface fa0/0 and export the capture to an FTP server.
monitor capture buffer BUFFER
monitor capture buffer BUFFER size 512 max-size 256
monitor capture point ip cef FA0_0 fa0/0 both
monitor capture point asso FA0_0 BUFFER
monitor capture point start FA0_0
monitor capture buffer BUFFER export ftp://host/filename.pcap
The capture can be stopped with the following:
monitor capture point stop FA0_0
You can determine if the capture is working with the following:
show monitor capture buffer BUFFER parameters
Rack1R1#show monitor capture buffer BUFFER parameters
Capture buffer BUFFER (linear buffer)
Buffer Size : 524288 bytes, Max Element Size : 256 bytes, Packets : 5
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : FA0_0, Status : Active
Configuration:
monitor capture buffer BUFFER size 512 max-size 256 linear
monitor capture point associate FA0_0 BUFFER
More information can be found in the config guide:
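The "is the capture working" check above can also be scripted. The following Python is an added example, not part of the original post or any Cisco tooling: it parses the parameters output shown in the post and lists reasons the capture may not be collecting. The function names are hypothetical, and it assumes the show output has already been collected from the router as text.

```python
import re

# Output copied from the post's "show monitor capture buffer BUFFER parameters" example.
SAMPLE = """\
Capture buffer BUFFER (linear buffer)
Buffer Size : 524288 bytes, Max Element Size : 256 bytes, Packets : 5
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : FA0_0, Status : Active
Configuration:
monitor capture buffer BUFFER size 512 max-size 256 linear
monitor capture point associate FA0_0 BUFFER
"""

def parse_capture_parameters(text):
    """Parse the parameters output into a dict (hypothetical helper, not a Cisco API)."""
    info = {"points": {}}
    m = re.search(r"Capture buffer (\S+) \((\w+) buffer\)", text)
    if m:
        info["name"], info["type"] = m.group(1), m.group(2)
    # "Packets" is matched case-sensitively so "Max packets" is not picked up.
    for key, field in (("Buffer Size", "buffer_bytes"),
                       ("Max Element Size", "max_element_bytes"),
                       ("Packets", "packets")):
        m = re.search(rf"{key} : (\d+)", text)
        if m:
            info[field] = int(m.group(1))
    for name, status in re.findall(r"Name : (\S+), Status : (\w+)", text):
        info["points"][name] = status
    return info

def capture_problems(info):
    """Return a list of reasons the capture may not be collecting packets."""
    problems = []
    if not info["points"]:
        problems.append("no capture point associated with the buffer")
    # Assumption: any status other than "Active" means the point is not capturing.
    for name, status in info["points"].items():
        if status != "Active":
            problems.append(f"capture point {name} is {status}, not Active")
    if info.get("packets", 0) == 0:
        problems.append("buffer holds 0 packets")
    return problems

if __name__ == "__main__":
    parsed = parse_capture_parameters(SAMPLE)
    print(parsed)
    print(capture_problems(parsed) or "capture looks healthy")
```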
