CloudShark Support

Integrating CloudShark with Cisco IOS

Integrating CloudShark with Cisco IOS

Support for Cisco’s Embedded Packet Capture was introduced in CloudShark v. 1.4.

Starting in Cisco IOS 12.4(20), IOS has the ability to capture packet data and export this externally. The Cisco IOS capture interface works with a CloudShark appliance starting with CloudShark version 1.4. You must first create an API key on your CloudShark appliance that can be used for the export on the Cisco devices.

Here is guide to the IOS commands. A simple example is below.

Cisco IOS Network Management Configuration Guide, Release 12.4T, Embedded Packet Capture

Here is an example. Note the ‘#’ lines are comments and not actual IOS commands.

# -- you must be in enable mode to start a capture
enable

# -- first you must define a capture buffer. There are more options for size,
# etc.
monitor capture buffer DM_TEST_CAPTURE

# -- you must define a capture point. This can be interface specific or all
# -- interfaces.
monitor capture point ip cef CAP_POINT all both

# -- the capture buffer must be associated with a capture point
monitor capture point associate CAP_POINT DM_TEST_CAPTURE

# -- This is how you start the capture
monitor capture point start all

# -- Here I am generating some sample traffic
ping 172.16.1.1

# -- This is how you stop the capture
monitor capture point stop all

# -- Optionally you can view the packets in IOS (not recommended)
show monitor capture buffer DM_TEST_CAPTURE dump

# -- Now you can export your capture buffer to your cloudshark appliance using
# -- your API key
monitor cap buff DM_TEST_CAPTURE export http://10.0.0.190/api/v1/19ce32f269143a378f6faada7a0c73fe/upload

Now you can view your capture file through your CloudShark appliance. The API keys can be configured to apply specific tags to your capture or you can apply tags by adding arguments to the URL using the additional_tags argument. For example:

text monitor cap buff DM_TEST_CAPTURE export http://10.0.0.190/api/v1/19ce32f269143a378f6faada7a0c73fe/upload?additional_tags=lab-network `

If you are using the additional_tags argument to the URL, you can not type a ‘?’ character in the Cisco IOS CLI without escaping it first. Use Control-V to escape the ‘?’ character. Type Control-V then ?.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: