[c-nsp] packet capture on 6509....??
Lincoln Dale
ltd at cisco.com
Thu Nov 13 17:41:21 EST 2008
Gabby wrote:
> Hello,
>
> Is it possible to do packet capture or the like on a 6509 (or similar platform) that doesn't have a FW module. I know I could do span port, but I'm interested in knowing if there's any other method....
>
on Nexus 7000, you can do packet-capture of data-plane traffic today.
you can create an access-list with 'log' keyword, e.g. "permit tcp host
a.b.c.d host e.f.g.h log", apply that as a Port, VLAN or Routed ACL.
N7K will forward the packet in hardware (always does), and send a
rate-limited copy to the Supervisor for logging. that rate-limiting is
tunable, but by default is at a rate that won't ever cause excessive CPU
(default is 100 packets/sec for ACL-copy).
NX-OS has ethereal/wireshark built in, you can then run that on the
inband Sup port, create a .cap file or view the ethereal parsing on the
CLI if you wish.
cheers,
lincoln.
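
The procedure described in the reply above, written out as an NX-OS configuration sketch. This is an added example, not part of the original post. The ACL name, interface, file name and the documentation-range addresses are placeholders, and the exact command syntax (including `ethanalyzer`, the name of the built-in capture tool) is assumed from NX-OS and may differ between releases.

```cisco
! Constructed example: addresses, ACL name, interface and file name are placeholders.
configure terminal
 ip access-list CAPTURE-LOG
  ! Only this flow is copied to the Supervisor; forwarding still happens in hardware.
  10 permit tcp host 192.0.2.10 host 198.51.100.20 log
  ! Without this entry the implicit deny at the end of the ACL would drop all other traffic.
  20 permit ip any any
 !
 interface ethernet 1/1
  ! Routed ACL; a Port ACL on a Layer 2 port would use "ip port access-group" instead.
  ip access-group CAPTURE-LOG in
 !
 ! Rate of ACL-log copies sent to the Supervisor, in packets per second
 ! (100 is the default stated in the post).
 hardware rate-limiter access-list-log 100
end

! Capture the copied packets on the Supervisor inband interface into a file ...
ethanalyzer local interface inband capture-filter "tcp and host 192.0.2.10" limit-captured-frames 100 write bootflash:acl-log.pcap
! ... or view the decoded packets on the CLI.
ethanalyzer local interface inband capture-filter "tcp and host 192.0.2.10" limit-captured-frames 20
```

Because the copy is rate-limited, the resulting capture is a sample of the matching flow rather than a complete trace. Remove the ACL from the interface once the capture is finished so the log copies stop.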