Below is the Ethanalyzer for data palne. For control plane please click on green button below:
By default, wireshark or ETH is used to capture the control plane traffic. But we can also capture the data plane traffic by creating ACLs with log keyword and then apply the ACL on interface.
In this case, control plane and data plane both type of traffic will be capture and have to find the data plane traffic.
But best option is SPAN for capture the data plane traffic.
conf t ip access-list abc statistics per-entry permit tcp host 18.104.22.168 host 22.214.171.124 eq 88 log permit ip any any interface e3/23 ip access-group abc in ethanalyzer local interface inband limit-captured-frame 1000 write bootflash:xyz dir bootflash:xyz ethanalyzer local read bootflash:xyz
Command to check the number of packets per second filter capacity of ACL on interface:
show hardware rate-limiter access-list-log
Thanks for Reading ………………………
We will recommend you to read below posts: