Sniffer / Packet trace on Nexus7000 or Nexus7k
- NX-OS on the Cisco Nexus platform runs on Linux on the supervisor (the control plane) and ships with a Cisco build of Wireshark, exposed as the ethanalyzer command.
- ethanalyzer can only capture packets that reach the control plane (the supervisor CPU); it does not see traffic that is switched in hardware on the data plane.
- To capture data-plane traffic, an ACL with the log keyword can be used to punt a copy of each matching packet to the control plane, where ethanalyzer can then capture it. The original packet is still forwarded in hardware.
Ref: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/white_paper_c11-554444.html
Cisco Config/Code
- Set up an ACL with log entries to punt copies of the traffic of interest to the control plane. Only entries carrying the log keyword are punted; the others are just permitted.
!
no ip access-list aclSniffLocal
ip access-list aclSniffLocal
  statistics per-entry
  ! no log keyword: permitted in hardware, not copied to the supervisor
  permit udp 10.10.0.31/32 10.11.1.0/24
  ! log keyword: a copy of each matching packet is sent to the supervisor
  permit tcp 10.10.0.0/16 10.11.1.0/24 log
  ! finally permit all other traffic; we don't want to block anything
  permit ip any any
!
- Apply the ACL to the interface/VLAN (here in both directions on the SVI)
interface vlan 10
  ip access-group aclSniffLocal in
  ip access-group aclSniffLocal out
- Protect the supervisor in case the ACL matches far more traffic than intended and logs too many packets per second. The value is in packets per second; punted packets above it are dropped, so the capture may be incomplete, but the control plane stays up.
hardware rate-limiter access-list-log 250
- Run the capture on the inband (supervisor) interface and write the packets to a file on bootflash. capture-filter takes a tcpdump/BPF-style filter and should cover the networks matched by the logging ACEs; limit-captured-frames caps how many packets are saved. The file can be read back on the switch with ethanalyzer local read bootflash:<file>, or copied off and opened in Wireshark.
ethanalyzer local interface inband capture-filter "net 10.1.1.0/24" limit-captured-frames 200 write bootflash:sniff-20140210-ecnVoip
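The whole procedure end to end, as an added worked example (not from the original page or from Cisco's documentation). It assumes the same ACL name, VLAN and networks as above, puts the rate limiter in place before the ACL is applied, uses a capture filter that matches the logged ACE (10.11.1.0/24), and removes the ACL afterwards so the supervisor stops receiving punted copies. The file name sniff-vlan10.pcap is an assumption.

```cisco
! 1. ACL: punt a copy of TCP 10.10.0.0/16 -> 10.11.1.0/24, permit everything else
ip access-list aclSniffLocal
  statistics per-entry
  permit udp 10.10.0.31/32 10.11.1.0/24
  permit tcp 10.10.0.0/16 10.11.1.0/24 log
  permit ip any any

! 2. Cap ACL-log punts at 250 packets per second BEFORE the ACL goes live
hardware rate-limiter access-list-log 250

! 3. Apply the ACL on the SVI in both directions
interface vlan 10
  ip access-group aclSniffLocal in
  ip access-group aclSniffLocal out

! 4. Confirm the logging entry is actually being hit (per-entry counters)
show ip access-lists aclSniffLocal

! 5. Capture on the inband interface, filter on the logged network, stop after 200 frames
!    (file name is an assumption; ethanalyzer accepts any name on bootflash:)
ethanalyzer local interface inband capture-filter "net 10.11.1.0/24" limit-captured-frames 200 write bootflash:sniff-vlan10.pcap

! 6. Read the capture back on the switch (or copy it off and open it in Wireshark)
ethanalyzer local read bootflash:sniff-vlan10.pcap

! 7. Check whether the rate limiter had to drop punted packets
show hardware rate-limiter

! 8. Clean up: an ACL left in place keeps punting traffic to the supervisor
interface vlan 10
  no ip access-group aclSniffLocal in
  no ip access-group aclSniffLocal out
no ip access-list aclSniffLocal
```

If step 4 shows the log entry with no matches, the capture filter will never see anything; if step 7 shows drops, the capture is a sample rather than a complete record and the rate limit (or the ACE) should be narrowed before drawing conclusions from it.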
...