Chapter 68
Configuring Wireshark
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

To define a capture point, use the following commands:

Command: monitor capture name [{interface name | vlan num | control-plane} {in | out | both}]
Purpose: Specifies one or more attachment points with direction. To remove the attachment point, use the no form of this command.

Command: monitor capture name [[file location filename [buffer-size <1-100>] [ring <2-10>] [size <1-100>]] | [buffer [circular] size <1-100>]]
Purpose: Specifies the capture destination. To remove the details, use the no form of this command.

Command: [no] monitor capture name limit [duration seconds] [packet-length size] [packets num]
Purpose: Specifies capture limits. To remove the limits, use the no form of this command.

To clear the buffer contents, use the following command:

Command: monitor capture [clear | export filename]
Purpose: Clears capture buffer contents or stores the packets to a file.

To start and stop a capture point, use the following command:

Command: monitor capture name start [capture-filter filter-string] [display [display-filter filter-string]] [brief | detailed | dump | stop]
Purpose: To start or stop a capture point, use the monitor capture command.

Examples

Associating or Disassociating a Capture File
Switch# monitor capture point mycap file location bootdisk:mycap.pcap
Switch# no monitor capture mycap file

Specifying a Memory Buffer Size for Packet Burst Handling
Switch# monitor capture mycap buffer-size 1000000

Defining an Explicit Core System Filter to Match Both IPv4 and IPv6 TCP Traffic
Switch# monitor capture mycap match any protocol tcp

Defining a Core System Filter Using an Existing ACL or Class Map
Switch# monitor capture mycap match access-list myacl
Switch# monitor capture mycap match class-map mycm
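
The commands above combined into one bounded capture session, as an added example that is not taken from the Cisco guide. The interface name GigabitEthernet1/1 and the limit values are constructed for illustration; mycap and bootdisk:mycap.pcap are reused from the examples above.

```text
! Added example (not from the guide). Interface and limit values are constructed.
! 1. Attach the capture point to one interface, both directions.
Switch# monitor capture mycap interface GigabitEthernet1/1 both
! 2. Restrict the capture to TCP with the core system filter shown above.
Switch# monitor capture mycap match any protocol tcp
! 3. Send captured packets to a file instead of the console.
Switch# monitor capture mycap file location bootdisk:mycap.pcap
! 4. Bound the capture before starting it:
!    duration      - stop automatically after 60 seconds
!    packet-length - keep only the first 128 bytes of each packet, so headers
!                    are retained and most application payload is not stored
!    packets       - stop after 1000 packets even if the timer has not expired
Switch# monitor capture mycap limit duration 60 packet-length 128 packets 1000
! 5. Start the capture, then stop it if the limits have not already ended it.
Switch# monitor capture mycap start
Switch# monitor capture mycap stop
! 6. Disassociate the file and delete the capture point once the pcap has been
!    copied off the switch, so no attachment point is left configured.
Switch# no monitor capture mycap file
Switch# no monitor capture mycap
```

Setting the limits before `start` keeps an unattended capture from filling bootdisk: or holding full payloads on the switch longer than needed.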
How to Configure Wireshark