Cisco IOS Packet Capture
Previously I posted about how to do a packet capture on a Cisco ASR1000 platform. Here I show you how to do a Cisco IOS packet capture, which is possible on IOS-based routers, for example a Cisco ISR 1921.
First we need to specify the traffic we are interested in seeing in an ACL;
conf t
ip access-list ext mycap-acl
permit udp any host 8.8.8.8 eq 53
permit udp host 8.8.8.8 eq 53 any
end
Next we set up the capture buffer;
monitor capture buffer BUF max-size 2000 circular
monitor capture buffer BUF limit duration 120
monitor capture buffer BUF filter access-list mycap-acl
And now the capture point;
monitor capture point ip cef POINT Vlan10 both
monitor capture point associate POINT BUF
So, we are now ready to start the capture, which will run for up to 2 minutes (120 seconds) and will capture up to 2 Kbytes of data.
monitor capture point start POINT
To observe the capture in progress;
show monitor capture buffer BUF parameters
And finally, to stop the capture if it's still running, export the data and remove our capture configuration;
monitor capture point stop all
monitor capture buffer BUF export ftp://1.1.1.1/mycap.pcap
monitor capture point stop all
no monitor capture buffer BUF
no monitor capture point ip cef POINT Vlan10 both
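Once mycap.pcap has been exported, it is worth confirming that it holds only the traffic mycap-acl was meant to admit and seeing how many packets were cut short. The following Python check is an added example, not part of the original post; it assumes the export is a classic pcap file with Ethernet link type, and the function names and sample packets are constructed for illustration.

```python
import struct

ACL_HOST, ACL_PORT = "8.8.8.8", 53  # values from mycap-acl on this page

def matches_acl(frame):
    """True if an Ethernet frame is IPv4/UDP to or from ACL_HOST port ACL_PORT."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 4:
        return False
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (dst, dport) == (ACL_HOST, ACL_PORT) or (src, sport) == (ACL_HOST, ACL_PORT)

def check_capture(data):
    """Return (matching, non_matching, truncated) packet counts for classic pcap bytes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:  # assumption: Ethernet link type
        raise ValueError("unexpected link type")
    off, ok, bad, trunc = 24, 0, 0, 0
    while off + 16 <= len(data):
        caplen, origlen = struct.unpack(end + "II", data[off + 8:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        trunc += caplen < origlen  # packet cut short by the capture size limit
        hit = matches_acl(frame)
        ok, bad = ok + hit, bad + (not hit)
    return ok, bad, trunc

def build_frame(src, dst, sport, dport, proto=17):
    """Constructed test frame: zeroed MACs, minimal IPv4 header, 8-byte UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def build_pcap(frames, snap=65535):
    """Constructed little-endian pcap holding the given frames, each cut to snap bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snap, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snap), len(f)) + f[:snap]
    return out

# Constructed sample: a query, its reply, and one packet the ACL should not admit.
SAMPLE = build_pcap([build_frame([10, 0, 0, 5], [8, 8, 8, 8], 40000, 53),
                     build_frame([8, 8, 8, 8], [10, 0, 0, 5], 53, 40000),
                     build_frame([10, 0, 0, 5], [1, 1, 1, 1], 40000, 53)])
```

To check a real export, pass the file contents: check_capture(open("mycap.pcap", "rb").read()). A non-zero second value means the capture holds traffic outside the ACL.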