Wireshark is a packet analyzer program that supports multiple protocols. Use this command to capture packets that fit into a size range.
Monitor capture (interface / control plane)Ĭonfigures limits like duration (time), packet length (size), or a total number of packets. Use this command to attach an access-list to a capture point. Note: It's possible not all these commands will be available on your platform. Note: The command references show the Wireshark vs EPC commands. Configuration takes place in EXEC mode, not in config mode. Capturing packets that are handled by the CPU (outside the data plane) is performed by attaching the capture to the control plane. EPC allows network administrators to capture data packets flowing through, to, and from a Cisco device and has been in IOS \ IOS XE for many years. Using filters to capture specific traffic can reduce CPU and memory utilization.Įmbedded Packet Capture is a toolset that actually captures the traffic. Please be aware of typical CPU & memory usage before enabling these features.
Wireshark on IOS XE is also a method of capturing and displaying traffic in IOS XE, however, Wireshark is much more flexible when it comes to working with the captured traffic and displaying the captured traffic on the CLI.įinally, both Wireshark and Embedded Packet Capture can be CPU and Memory intensive processes. In summary, Embedded Packet Capture is a method of capturing and displaying traffic in IOS XE. This article is to help network administrators differentiate between Wireshark and EPC and to show examples of both methods. Wireshark requires a DNA Advantage term license and EPC requires a Network Essentials perpetual license, this has created confusion. Some monitor capture commands in IOS XE use Wireshark others use EPC.
SPAN is another way of redirecting traffic to a monitoring destination but has no local display, this article is NOT about SPAN. Wireshark can also be an application that runs as a container on C9300 and C9400, this article is NOT about that. Wireshark is an application that runs natively inside of IOS XE on the Cat 9k. Wireshark and Embedded Packet Capture (EPC) are methods of capturing and or displaying captured traffic on an IOS XE box.
0 kommentar(er)
