Nexus has its own in-build wireshark feature(Cisco Nexus Packet Captures With Ethanalyzer) which is called ETH. By default, It can capture maximum 10 packets. But we can configure it for more using limit keyword.
By using this feature, we can capture both incoming and outgoing traffic from CPU or only incoming traffic from CPU or only outgoing traffic from CPU or management interface traffic.
Command to capture 10 packets of incoming and outgoing traffic from CPU:
N1# ethanalyzer local interface inabandinband :- Incoming and outgoing traffic from CPU
inaband-in :- Incoming traffic from CPU
inband-out :- Outgoing traffic from CPU
mgmt :- Management interface traffic
Defining the number of packets:
N1# ethanalyzer local interface inband limit-capture-frame 30Different commands to capture the specific packets:
N1# ethanalyzer local interface inband capture-filter "net 10.1.1.0 mask 255.255.255.0"
N1# ethanalyzer local interface inband capture-filter "net 10.1.1.1/24"
N1# ethanalyzer local interface inband capture-filter "src 10.1.1.2"
N1# ethanalyzer local interface inband capture-filter "dst 10.1.1.1"
N1# ethanalyzer local interface inband capture-filter "port 1985"
N1# ethanalyzer local interface inband capture-filter "port range 1980-1985"
N1# ethanalyzer local interface inband capture-filter "udp port 1985"
N1# ethanalyzer local interface inband capture-filter "tcp port 25"
N1# ethanalyzer local interface inband capture-filter "icmp"
N1# ethanalyzer local interface inband capture-filter "icmp detail"Command to save the capture in a File:
N1# ethanalyzer local interface inband limit-capture-frame 2000 write bootflash:xyzAbove command will allow to save the captured data in flash with the file name xyz as well as it will allow to take the capture of 2000 frames.
Command to read captured packets from a file:
N1# ethanalyzer local read bootflash:xyz limit-captured-frame 30 detailAbove command will display the 30 frames from xyz file. which is saved in flash.
Commands to read particular frames from a file:
N1# ethanalyzer local read bootflash:xyz display-filter "ip-src==10.1.1.1"
N1# ethanalyzer local read bootflash:xyz display-filter "ip-src== 10.1.1.1 and ip-dst==10.1.1.2"
N1# ethanalyzer local read bootflash:xyz display-filter "ip-src==10.1.1.1 and tcp-port eq 23"Downloading the captured file from flash:
N1# copy bootflash:xyz tftp
10.1.1.100Deleting the file from flash:
N1# delete bootflash:xyz
—————–:Cisco Nexus Packet Captures With Ethanalyzer:—————————
Thanks For Reading ……………….
We will recommend you to read below posts:
wow it was amazing