Contents

monitor capture through show monitor capture
monitor capture
monitor capture buffer
monitor capture point
monitor capture point associate
monitor capture point disassociate
monitor capture point start
monitor capture point stop
show monitor capture

monitor capture through show monitor capture

monitor capture

To enable and configure monitor packet capturing, use the the monitor capture privileged EXEC mode command. To disable monitor packet capturing, use the no form of this command.

monitor capture [buffer size size] [circular | linear] [dot1q] [filter acl-num | exp-acl-num | acl-name] [length bytes] {clear [filter] | export buffer location | schedule at hh : mm : ss [date [month year] ] | start [for number {seconds | packets} ] | stop}

no monitor capture [buffer size size] [circular | linear] [dot1q] [filter acl-num | exp-acl-num | acl-name] [length bytes] [clear [filter] | export buffer location | schedule at hh : mm : ss [date [month year] ] ]

Syntax Description

buffer size size	Specifies the capture buffer size in kilobytes. Range: 32 to 65535. Default: 2048 Kb.
circular \| linear	Specifies a circular or linear capture buffer. The default is linear.
clear	Clears the capture buffer and sets the number of captured packets to zero.
dot1q	Includes dot1q information in the monitor capturing.
export buffer	Exports to remote location.
filter	Specifies that packets from a specified ACLs only are sent to the capture buffer.
acl-num	IP access list (standard or extended). Range: 1 to 199.
exp-acl-num	IP expanded access list (standard or extended). Range: 1300 to 2699.
acl-name	ACL name.
length size	Specifies the capture length of each packet in bytes. Range: 0 to 9216. Default: 68.
location	Location to dump capture buffer. Valid values are as follows: dot1q location --Specifies the dot1q capture buffer location. bootflash: --Location to dump buffer. disk0: --Location to dump buffer. ftp: --Location to dump buffer. http: --Location to dump buffer. https: --Location to dump buffer. rcp: --Location to dump buffer. scp: --Location to dump buffer. sup-bootdisk: --Location to dump buffer. tftp: --Location to dump buffer.
schedule at	Schedules the capture at a specific time/date.
hh : mm : ss	Time in hours:minutes:seconds. Range: hours: 0 to 23; minutes: 0 to 59; seconds: 0 to 59.
date	(Optional) Date. Range: 1 to 31.
month	(Optional) Month. Range: 1 to 12.
start	Starts capturing the packets to the beginning of the buffer.
for	(Optional) Specifies the length of time in seconds or the number of packets.
number	Stops the capture after the specified number of seconds or packets. Range: 1 to 4294967295.
stop	Moves the capture to the OFF state.

Command Default

Capture buffer is disabled by default.

Command Modes

EXEC (>)

Command History

Release	Modification
12.2(33)SXI	This command was introduced.

Usage Guidelines

The buffer size size keywords and argument defines the buffer size that is used to store the packet.

The length size keyword and argument copies the specified number of bytes of data from each packet. The default setting of 68 bytes is adequate for IP, ICMP, TCP, and UDP. If you set the length to 0, the whole packet is copied to the buffer.

The linear capture buffer mode specifies that capture stops when the end of the capture buffer is reached. In the circular capture buffer mode, the capture will begin to overwrite earlier entries when the capture buffer becomes full. Changing the buffer mode or the buffer length automatically stops the capture.

If the ACL specified is configured, it is used for applying the filter in the software. When you specify a capture filter ACL in the start command, the new ACL will not override any configured ACLs. The new ACL will execute in software.

If you configure the capture schedule, the capture schedule stops the capture start for the specified future time. This is the same as manually starting a capture at the specified time. If any capture is already running, that capture is stopped and the buffer is cleared.

The format for time and date is hh:mm:ss dd mmm yyyy. The time zone is GMT. The hour is specified in 24-hour notation, and the month is specified by a three-letter abbreviation. For example, to set a capture starting time of 7:30 pm on October 31, 2008, use the notation 19:30:00 31 oct 2008.

If you do not enter the start or stop keyword, the capture buffer is initialized and set in the OFF state.

If you enter the no monitor capture command without entering any keywords or arguments, capture is stopped and the capture buffer is deleted. After entering the no form of the monitor capture command, the capture buffer cannot be displayed or exported. If you specify the length or buffer size with the no monitor capture command, the capture is not deleted and the length or buffer size is set to the default values. The start and stop keywords are not valid with the no monitor capture command.

To clear the EXEC configurations or any capture schedules, enter the clear keyword. The clear keyword clears the capture buffer and sets the number of captured packets to zero.

Examples

This example shows how to configure the capture length initially before starting the capture:

Router# monitor capture length 128
 
Router# monitor capture start
Router# monitor capture stop

This example shows how to start a new capture with non-default values:

Router# monitor capture length 100 circular start
Router# monitor capture stop

Related Commands

Command	Description
show monitor capture	Displays the capture buffer contents.

monitor capture buffer

To configure a capture buffer to capture packet data, use the monitor capture buffercommand in privileged EXEC mode. To stop capturing packet data into the buffer, use the no form of this command.

monitor capture buffer buffer-name [clear | export export-location | filter access-list {ip-access-list | ip-expanded-list | access-list-name} | limit {allow-nth-pak nth-packet | duration seconds | packet-count total-packets | packets-per-sec packets} | [max-size element-size | size buffer-size] [circular | linear] ]

no monitor capture buffer buffer-name

Syntax Description

buffer-name	Name of the capture buffer.
circular	(Optional) Specifies that the buffer is of circular type.
clear	(Optional) Clears contents of capture buffer.
export export-location	(Optional) Exports data from capture buffer in PCAP format to the export location specified: ftp:, http:, https:, pram:, rcp:, scp:, tftp:.
filter access-list	(Optional) Configures filters to filter the packets stored in the capture buffer using access control lists (ACLs). Name or type of access lists can be specified as criteria for configuring the filters.
ip-access-list	(Optional) The IP access list number. Range is from 1 to 199.
ip-expanded-list	(Optional) The IP expanded access list number. Range is from 1300 to 2699.
access-list-name	(Optional) Name of the access list.
limit	(Optional) Limits the packets captured based on the parameters specified.
allow-nth-pak nth-packet	(Optional) Allows every nth packet in the captured data through the buffer.
duration seconds	(Optional) Specifies the duration of capture measured, in seconds. Range is from 1 to 2147483647.
packet-count total-packets	(Optional) Specifies the total number of packets captured. Range is from 1 to 2147483647.
packets-per-sec packets	(Optional) Specifies the number of packets copied per second. Range is from 1 to 2147483647.
linear	(Optional) Specifies that the buffer is of linear type. By default, the capture buffer is of linear type.
max-size element-size	(Optional) Maximum size of element in the buffer, in bytes. Range is from 68 to 9500.
size buffer-size	(Optional) Size of the buffer. Range is from 256 kilo bytes (KB) to 100 mega bytes (MB). The default value is 1 MB.

Command Default

Data packets are not captured into a capture buffer.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Use this command to configure the capture buffer. You can configure two types of capture buffers: linear and circular. When the linear buffer is full, data capture stops automatically. When the circular buffer is full, data capture starts from the beginning.

Use the limit keyword to control the rate at which packets are captured.

Examples

The following example shows how to define a capture buffer named pktrace1 that is up to 256KB long and includes 256 bytes per packet:

Router# monitor capture buffer pktrace1 circular size 256 max-size 256

The following example shows how to export the data from the pktrace1 buffer for analysis:

Router# monitor capture buffer pktrace1 export tftp://88.1.88.9/pktrace1

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture point	Defines a monitor capture point and associates it with a capture buffer.
show monitor capture	Displays the contents of a capture buffer or a capture point.

monitor capture point

To define a monitor capture point, use the monitor capture pointcommand in privileged EXEC mode. To disable the monitor capture point, use the no form of this command.

monitor capture point {ip | ipv6} {cef capture-point-name interface-name interface-type {both | in | out} | process-switched capture-point-name {both | from-us | in | out} }

no monitor capture point {ip | ipv6} {cef capture-point-name interface-name interface-type | process-switched capture-point-name}

Syntax Description

ip	Configures an IPv4 capture point.
ipv6	Configures an IPv6 capture point.
cef	Specifies that the capture point contains Cisco Express Forwarding (CEF) packets.
capture-point-name	Name of the capture point.
interface-name interface-type	Specifies the interface name and type. For more information, use the question mark (?) online help function.
both	Specifies that the packets are captured in ingress and egress directions.
in	Specifies that the packets are captured in ingress direction.
out	Specifies that the packets are captured in egress direction.
process-switched	Specifies that the capture point contains process switched packets.
from-us	Specifies that the packets are originating locally.

Command Default

Monitor capture points are not defined.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Two types of capture points can be defined: IPv4 and IPv6. Once defined, use the monitor capture point associate command to associate the capture point with a capture buffer. Use the monitor capture point start command to start packet capture.

Multiple packet capture points can be activated on a given interface. For example, Border Gateway Protocol (BGP) packets can be captured into one capture buffer and Open Shortest Path First (OSPF) packets into another.

Examples

The following example shows how to define a capture point named ipceffa0/1 with CEF switching path and the Fast Ethernet interface 0/1:

Router# monitor capture point ip cef ipceffa0/1 fastEthernet 0/1 both

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture buffer	Configures a capture buffer to capture packet data.
monitor capture point associate	Associates a monitor capture point with a capture buffer.
monitor capture point start	Enables a monitor capture point to start capturing packet data.
show monitor capture	Displays the contents of a capture buffer or a capture point.

monitor capture point associate

To associate a monitor capture point with a capture buffer, use the monitor capture point associatecommand in privileged EXEC mode.

monitor capture point associate capture-point-name capture-buffer-name

Syntax Description

capture-point-name	Name of the capture point to be associated with the capture buffer.
capture-buffer-name	Name of the capture buffer.

Command Default

Monitor capture points are not associated with capture buffers.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Use the monitor capture point command to define the capture points. Once the capture points are defined, use the monitor capture point associate command to associate a capture point with a capture buffer. This results in all packets captured from the specified capture point to be dumped into the associated capture buffer. A capture point can be associated with only one capture buffer.

Use the monitor capture point disassociate command to disassociate the specified capture point from the capture buffer.

Examples

The following example shows how to associate the ipceffa0/1 capture point to the pktrace1 capture buffer:

Router# monitor capture point associate ipceffa0/1 pktrace1

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture buffer	Configures a capture buffer to capture packet data.
monitor capture point	Defines a monitor capture point.
monitor capture point disassociate	Disassociates a monitor capture point from the specified monitor capture buffer.
show monitor capture	Displays the contents of a capture buffer or a capture point.

monitor capture point disassociate

To disassociate a monitor capture point from its associations with a capture buffer, use the monitor capture point disassociatecommand in privileged EXEC mode.

monitor capture point disassociate capture-point-name

Syntax Description

capture-point-name

Specifies the name of the capture point to be disassociated from the capture buffer.

Command Default

Monitor capture points are not associated with capture buffers.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Use the monitor capture point associate command to associate a capture point with a capture buffer. This results in all packets captured from the specified capture point to be dumped into the associated capture buffer. A capture point can be associated with only one capture buffer.

Use the monitor capture point disassociate command to disassociate the specified capture point from the capture buffer.

Examples

The following example shows how to disassociate the ipceffa0/1 capture point from its capture buffer:

Router# monitor capture point disassociate ipceffa0/1

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture buffer	Configures a capture buffer to capture packet data.
monitor capture point	Defines a monitor capture point.
monitor capture point associate	Associates a monitor capture point with a capture buffer.
show monitor capture	Displays the contents of a capture buffer or a capture point.

monitor capture point start

To enable a monitor capture point to start capturing packet data, use the monitor capture point startcommand in privileged EXEC mode.

monitor capture point start {capture-point-name | all}

Syntax Description

capture-point-name	Name of the capture point to start capturing packet data.
all	Configures all capture points to start capturing packet data.

Command Default

Data packets are not captured into a capture buffer.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Use this command to capture packet data at a traffic trace point into a buffer.

Once the capture point is defined, use the monitor capture point start command to enable the packet data capture. To stop capturing the packet data, use the monitor capture point stop command.

Examples

The following example shows how to start the packet capture:

Router# monitor capture point start ipceffa0/1
Mar 21 11:13:34.023: %BUFCAP-6-ENABLE: Capture Point ipceffa0/1 enabled.

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture buffer	Configures a capture buffer to capture packet data.
monitor capture point	Defines a monitor capture point.
monitor capture point stop	Disables the packet capture.
show monitor capture	Displays the contents of a capture buffer or a capture point.

monitor capture point stop

To disable the packet capture, use the monitor capture point stopcommand in privileged EXEC mode.

monitor capture point stop {capture-point-name | all}

Syntax Description

capture-point-name	Name of the capture point to stop the packet capture.
all	Configures all capture points to stop the packet capture.

Command Default

Data packets are not captured into a capture buffer.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Examples

Router# monitor capture point stop ipceffa0/1
Mar 21 11:14:20.152: %BUFCAP-6-DISABLE: Capture Point ipceffa0/1 disabled.

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture buffer	Configures a capture buffer to capture packet data.
monitor capture point	Defines monitor capture points.
show monitor capture	Displays the contents of a capture buffer or a capture point.

show monitor capture

To display the contents of a capture buffer or a capture point, use the show monitor capturecommand in privileged EXEC mode.

show monitor capture {buffer {capture-buffer-name [parameters] | all parameters | merged capture-buffer-name1 capture-buffer-name2} [dump] [filter filter-parameters] } | point {all | capture-point-name}

Catalyst 6500 Series and Cisco 7600 Series

show monitor capture [buffer [start-index [end-index] ] [brief [acl {acl-list | exp-acl-list} ] | detail] [dump [nowrap dump-length] ] {acl-list exp-acl-list} | status]

Syntax Description

buffer	Displays the contents of the specified capture buffer.
capture-buffer-name	Name of the capture buffer.
parameters	(Optional) Displays values of parameters for the specified buffers or all buffers.
all	Displays values of parameters for all the buffers.
merged	Displays values of parameters for any two buffers specified.
capture-buffer-name1	Name of the first buffer to be merged.
capture-buffer-name2	Name of the second buffer to be merged.
dump	(Optional) Displays a hexadecimal dump of the captured packet in addition to the metadata.
filter	(Optional) Displays the filter parameters configured for packets stored in the buffer.
filter-parameters	(Optional) Displays the value of the specified parameter applied for defining the filter. Any of the following parameters can be specified: direction --Filters output based on direction. Two types of direction can be specified: ingress, egress. input-interface interface-type number --Filters packets on an input interface. l3protocol --Filters packets with specific L3 protocol. Three types of L3 protocols can be specified: ipv4, ipv6, MPLS. output-interface interface-type number --Filters packets on an output interface. pak-size minimum-size maximum-size --Filters output based on packet size. The minimum and maximum size for the packets must be specified. The range for the minimum size is from 1 to 2147483647 and the maximum size is from 23 to 2147483647. time hh : mm day month duration seconds --Filters packets from a specific date and time. The time is in the hh:mm format. The day, month of the year and duration, in seconds must be specified. Range for duration is from 1 to 2147483647.
point	Displays the contents of the capture point specified.
all	Displays all parameters for all the capture points.
capture-point-name	Displays all parameters for the specified capture point.
start-index	(Optional) The source index. The range is from 1 to 4294967295.
end-index	(Optional) The destination index. The range is from 1 to 4294967295.
brief	(Optional) Provides a brief output of the captured packet information.
acl	(Optional) Displays the output of captured packets for the specified access control list (ACL) only.
acl-list	The IP access list (standard or extended). The range is from 0 to 199.
exp-acl-list	The IP expanded access list (standard or extended). The range is from 1300 to 2699.
detail	(Optional) Provides a detailed output of the captured packet information.
dump	(Optional) Specifies the hexadecimal dump of the captured packets.
nowrap	(Optional) Prevents wrapping of the display output.
dump-length	(Optional) Specifies the hexadecimal dump length of the captured packets. The range is from 14 to 256.
status	(Optional) Displays the capture status.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SXI	This command was integrated into Cisco IOS Release 12.2(33)SXI on Catalyst 6500 series routers.
12.2(33)SRD	This command was integrated into Cisco IOS Release 12.2(33)SRD on Cisco 7600 series routers.
12.2(33)SRE	This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Note

The availability of keywords depends on your system and platform.

If you are using Cisco 6500 series routers or Cisco 7600 series, refer to the following usage guidelines:

You can enter the show monitor capture command when the capture buffer is not in the running state. You can enter the show monitor capture status command even when the capture is enabled to see how many packets are captured.

If you enter the show monitor capture command without any keywords or arguments, the output displays the configurations. If you enter the dump nowrap keywords, one hexadecimal line is printed per packet. Up to 72 characters of packet bytes is dumped.

If you enter the dump nowrap dump-length keywords and argument value , the specified length of bytes per line is dumped. If you enter the brief keyword, only the src ip, dest ip, src port, dest port, and protocol fields are displayed along with the packet length and item number.

If you enter the detail keyword, packets are decoded to the layer 4 protocol level and displayed. If you enter the dump keyword, non-IP packets are displayed in hexadecimal dump format. An ACL can be configured as a display filter so that only packets permitted by the ACL are displayed.

Examples

The following example shows how to display all parameters for all capture buffers:

Router# show monitor capture buffer all parameters
Capture buffer buff (circular buffer)
Buffer Size : 262144 bytes, Max Element Size : 68 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Configuration:
monitor capture buffer buff circular 
Capture buffer buff1 (linear buffer)
Buffer Size : 262144 bytes, Max Element Size : 68 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Configuration:

The table below describes the significant fields shown in the display.

Table 1 show monitor capture Field Descriptions
Field	Description
Buffer Size	Size of the buffer defined.
Max Element Size	Specifies the maximum packet size based on which the output has been filtered.
Allow-nth-pak	Specifies that every n th packet in the captured data through the buffer is allowed.
Associated Capture Points	Specifies all the capture points that are associated with capture buffers.

The following example shows how to display a hexadecimal dump of the captured packet. The report is self-explanatory and contains the interface type, switching path of the specified buffer, and a hexadecimal dump for the specified buffer.

Router# show monitor capture buff pktrace1 dump
11:13:00.593 EDT Mar 21 2007 : IPv4 Turbo      : Fa2/1 Fa0/1
65B6F500: 080020A2 44D90009 E94F8406 08004500  .. "DY..iO....E.
65B6F510: 00400F00 0000FE01 92AF5801 13025801  .@....~../X...X.
65B6F520: 58090800 4D1A1169 00000000 0005326C  X...M..i......2l
65B6F530: 01CCABCD ABCDABCD ABCDABCD ABCDABCD  .L+M+M+M+M+M+M+M
65B6F540: ABCDABCD ABCDABCD ABCDABCD ABCD00    +M+M+M+M+M+M+M. 
11:13:20.593 EDT Mar 21 2007 : IPv4 Turbo      : Fa2/1 Fa0/1
65B6F500: 080020A2 44D90009 E94F8406 08004500  .. "DY..iO....E.
65B6F510: 00400F02 0000FE01 92AD5801 13025801  .@....~..-X...X.
65B6F520: 58090800 FEF91169 00000000 0005326C  X...~y.i......2l
65B6F530: 4FECABCD ABCDABCD ABCDABCD ABCDABCD  Ol+M+M+M+M+M+M+M
65B6F540: ABCDABCD ABCDABCD ABCDABCD ABCDFF    +M+M+M+M+M+M+M.

The following example shows how to display all the capture points:

Router# show monitor capture point all
Status Information for Capture Point ipceffa0/1
IPv4 CEF
Switch Path: IPv4 CEF, Capture Buffer: pktrace1
Status : Inactive
Configuration:
monitor capture point ip cef ipceffa0/1 FastEthernet0/1 both
Status Information for Capture Point local
IPv4 CEF
Switch Path: IPv4 From Us, Capture Buffer: None
Status : Inactive

The table below describes the significant fields shown in the display.

Table 2 show monitor capture point all Field Descriptions
Field	Description
IPv4 CEF	Specifies that the capture point contains IPv4 Cisco Express Forwarding (CEF) packets.
Switch Path	Indicates the type of switching path used by the capture point.
Capture Buffer	Specifies the name of the capture buffer configured.
Status	Indicates the status of the capture point.

Examples

The following example shows how to display the captured packets in a specific access control list (ACL):

Router# show monitor capture buffer acl 1
Capture instance [1] :
======================
session status : up
rate-limit value : 10000
buffer-size : 2097152
capture state : ON [running for 00:02:12.736]
capture mode : Linear
capture length : 68

The table below describes the significant fields shown in the display.

Table 3 show monitor capture buffer acl Field Descriptions
Field	Description
session status	Indicates the status of the capture session.
rate-limit value	Specifies the rate at which packets are captured.
buffer-size	Specifies the capture buffer size, in bytes.
capture state	Indicates the status of the capture buffer.
capture mode	Indicates the shape of the capture buffer.
capture length	Specifies the length of the capture buffer.

The following example shows how to display all the packets in a capture buffer. The report is self-explanatory.

Router# show monitor capture buffer
1 IP: s=10.12.0.5 , d=224.0.0.10, len 60
2 346 0180.c200.000e 0012.44d8.5000 88CC 020707526F7
3 60 0180.c200.0000 0004.c099.06c5 0026 42420300000
4 60 ffff.ffff.ffff 0012.44d8.5000 0806 00010800060
5 IP: s=7.0.84.23 , d=224.0.0.5, len 116
6 IP: s=10.12.0.1 , d=224.0.0.10, len 60

The following example shows how to display packets that are decoded to the layer 4 protocol level. The report is self-explanatory.

Router# show monitor capture buffer detail
 
1 Arrival time : 09:44:30 UTC Fri Nov 17 2006
Packet Length : 74 , Capture Length : 68
Ethernet II : 0100.5e00.000a 0008.a4c8.c038 0800 
IP: s=10.12.0.5 , d=224.0.0.10, len 60, proto=88
2 Arrival time : 09:44:31 UTC Fri Nov 17 2006
Packet Length : 346 , Capture Length : 68
346 0180.c200.000e 0012.44d8.5000 88CC 020707526F757463031

The following example shows how to display the non-IP packets in hexadecimal dump format. The report is self-explanatory.

Router# show monitor capture buffer dump
 
1 IP: s=10.12.0.5 , d=224.0.0.10, len 60
08063810: 0100 5E00000A ..^...
08063820: 0008A4C8 C0380800 45C0003C 00000000 ..$H@8..E@.<....
08063830: 0258CD8F 0A0C0005 E000000A 0205EE6A .XM.....`.....nj
08063840: 00000000 00000000 00000000 00000064 ...............d
08063850: 0001000C 01000100 0000000F 0004 .............. 
2 346 0180.c200.000e 0012.44d8.5000 88CC 020707526F757465720415
3 60 0180.c200.0000 0004.c099.06c5 0026 4242030000000000800000
4 60 ffff.ffff.ffff 0012.44d8.5000 0806 0001080006040001001244
5 IP: s=7.0.84.23 , d=224.0.0.5, len 116
0806FCB0: 0100 5E000005 ..^...
0806FCC0: 0015C7D7 AC000800 45C00074 00000000 ..GW,...E@.t....
0806FCD0: 01597D55 07005417 E0000005 0201002C .Y}U..T.`......,
0806FCE0: 04040404 00000000 00000002 00000010 ................
0806FCF0: 455D8A10 FFFF0000 000A1201 0000 E]............

The following example shows how to display one hexadecimal line per packet, with up to 72 characters of packet bytes dumped. The report is self-explanatory.

Router# show monitor capture buffer dump nowrap
1 74 0100.5e00.000a 0008.a4c8.c038 0800 45C0003C000000
2 346 0180.c200.000e 0012.44d8.5000 88CC 020707526F7574
3 60 0180.c200.0000 0004.c099.06c5 0026 42420300000000
4 60 ffff.ffff.ffff 0012.44d8.5000 0806 00010800060400

Related Commands

Command	Description
debug packet-capture	Enables packet capture infra debugs.
monitor capture	Enables and configures monitor packet capturing.
monitor capture buffer	Configures a buffer to capture packet data.
monitor capture point	Defines a monitor capture point and associates it with a capture buffer.

Support

monitor capture through show monitor capture

Hierarchical Navigation

Downloads

monitor capture

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

monitor capture buffer

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

monitor capture point

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

monitor capture point associate

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

monitor capture point disassociate

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

monitor capture point start

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

monitor capture point stop

Syntax Description

Command Default

Command Modes

Command History

Examples

Related Commands

show monitor capture

Catalyst 6500 Series and Cisco 7600 Series

Syntax Description

Command Modes

Command History

Usage Guidelines

Examples

Examples

Related Commands

Programs

Programs

Programs

Programs