Packet capture is a frequent requirement in projects. The following describes several common packet capture methods; choose among them according to the needs of the specific project.
1. Traffic mirroring
S Switch
observe-port 1 interface gigabitethernet 0/0/2 // Configure the observing port. Multiple observing ports can be configured.
#
interface gigabitethernet 0/0/1
port-mirroring to observe-port 1 both // Configure the mirrored port; its packets are copied to the observing port.
CE switch/AR router
#
observe-port interface gigabitethernet 1/0/2 // Configure observing ports
#
interface gigabitethernet 1/0/0
mirror to observe-port both // Configure mirrored ports
#
NE Router
interface gigabitethernet0/1/0
port-observing observe-index 1 // Configure observing ports
#
interface GigabitEthernet0/3/0
port-mirroring to observe-index 1
port-mirroring inbound
port-mirroring outbound // Configure mirrored ports
#
2. Capture packets through CLI
Command:
capture-packet interface gigabitethernet 1/0/0 destination file flash:/capture.cap (terminal)
After the configuration is complete, the system automatically stops capturing packets when the number of packets reaches 100.
Then use FTP to transfer the packet capture file to a terminal or server.
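A check to run on the file after the transfer, added here as an example and not taken from the device documentation. It assumes capture.cap is in classic libpcap format (the page does not state the file format); summarize_pcap, build_sample and PACKET_LIMIT are hypothetical names. It reports whether the capture stopped at the 100-packet limit, whether frames were cut short, and whether the file itself is incomplete.

```python
import struct

PACKET_LIMIT = 100  # packet count at which the page says the CLI capture stops

def summarize_pcap(data: bytes) -> dict:
    """Walk a classic libpcap file (assumed format) and summarize it for review."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian, us/ns
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian, us/ns
        endian = ">"
    else:
        raise ValueError("bad magic: not a classic pcap file")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            incomplete = True  # file ends inside a record header
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", header)
        if offset + 16 + incl_len > len(data):
            incomplete = True  # file ends inside packet data
            break
        packets += 1
        truncated += incl_len < orig_len  # frame was longer on the wire than stored
        offset += 16 + incl_len
    return {
        "packets": packets,
        "truncated_packets": truncated,
        "hit_limit": packets >= PACKET_LIMIT,  # capture may have stopped early
        "incomplete_file": incomplete,         # e.g. an interrupted transfer
        "snaplen": snaplen,
        "linktype": linktype,
    }

def build_sample(count: int, frame_len: int = 60, orig_len: int = 60) -> bytes:
    """Constructed sample: little-endian Ethernet pcap with `count` dummy frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(count):
        out += struct.pack("<IIII", 1700000000 + i, 0, frame_len, orig_len)
        out += bytes(frame_len)
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample(100)))      # full capture at the limit
    print(summarize_pcap(build_sample(7)[:-10]))  # file cut off mid-packet
```

A result with hit_limit set means traffic after the hundredth packet was not recorded, so the capture may need to be repeated to see the event of interest.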
3. Using a fiber-optic splitter or Ethernet splitter (tap)
A fiber-optic splitter or Ethernet splitter divides an optical fiber or network cable into two, which copies the packets.