Cisco Router Packet Capture and Export

I’ve recently had to troubleshoot some SIP calls going through a Cisco router (CUBE) and needed a way to capture the stream and view it easily.

To do this, you will need:

  1. CLI access to the router
  2. Wireshark installed on your PC
  3. A TFTP server installed on your PC (I used tftpd found here: LINK)

Here are the steps required:

Log into your router and create the capture policy:

configure terminal
ip traffic-export profile <name> mode capture
 bidirectional

Assign the capture profile to the interface:

! size is the capture buffer size in bytes
interface <interface>
 ip traffic-export apply <name> size 20000000
end

Clear any data and start the export:

traffic-export interface <interface> clear
traffic-export interface <interface> start

Test your application (or in my case, a SIP call).

Once the test is complete, stop the export:

traffic-export interface <interface> stop

Export the captured traffic to your PC via TFTP:

traffic-export interface <interface> copy tftp:

Use Wireshark to open the file, then click “Telephony” at the top and then “VoIP Calls” to analyze the SIP traffic.
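An added example (not from the original post): Python that lists the SIP start lines per Call-ID from the exported file, as a quick check that the capture holds the call before opening it in Wireshark. It assumes the export is a classic libpcap file with untagged Ethernet framing and SIP over UDP; `sip_calls`, `sample_pcap` and the sample messages are constructed for illustration.

```python
import struct

def sip_calls(pcap: bytes) -> dict:
    """Map each Call-ID to its SIP start lines, in capture order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    calls, off = {}, 24
    while off + 16 <= len(pcap):  # 16-byte record header per packet
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # keep IPv4 + UDP only
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        head = frame[14 + ihl + 8:].split(b"\r\n\r\n", 1)[0]
        lines = head.decode("ascii", "replace").split("\r\n")
        if "SIP/2.0" not in lines[0]:
            continue  # RTP or other UDP traffic
        for h in lines[1:]:
            name, _, value = h.partition(":")
            if name.strip().lower() in ("call-id", "i"):  # "i" = compact form
                calls.setdefault(value.strip(), []).append(lines[0])
                break
    return calls

def _frame(sip: str) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame carrying one SIP message."""
    data = sip.encode()
    udp = struct.pack(">HHHH", 5060, 5060, 8 + len(data), 0) + data
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp

def sample_pcap() -> bytes:
    """Constructed three-packet capture: an INVITE answered with 100 and 503."""
    msgs = [s + "\r\nCall-ID: abc@192.0.2.1\r\n\r\n" for s in (
        "INVITE sip:1001@192.0.2.2 SIP/2.0", "SIP/2.0 100 Trying",
        "SIP/2.0 503 Service Unavailable")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, m in enumerate(msgs):
        f = _frame(m)
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(sip_calls(sample_pcap()))
```

To run it against a real export, pass the file's bytes to `sip_calls`, for example `sip_calls(open(path, "rb").read())`.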

Also, if you want to send your logs (in case of a debug) to your PC via tftp, the command is:

show logging | redirect tftp://tftpserver/destinationfilename

Source: https://thevoiceman.wordpress.com/2014/11/28/ip-traffic-exporting-cube/
