Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Configure Packet Capture on Cisco SCE 8000

Available Languages

Download Options

  • PDF     (6.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (71.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (65.8 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 16, 2016
Document ID:200464

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the steps to enable Flow Capture on Cisco Service Control Engine (SCE) 8000 device. This feature helps to capture the traffic flow between a particular source and destination, through the SCE. The packet capture is important to troubleshoot any classification issue on the SCE device. As this feature helps to capture the traffic based on subscriber IP address, network IP address, transport protocol and so on, it is very useful to capture a specific flow through the SCE device.

Prerequisites

Requirements

Cisco recommends that you have knowledge of Cisco Service Control Solutions.

Components Used

The information in this document is based on the test  carried out on SCE 8000 with SCOS version 5.2.0, however this document is not restricted to any specific software version. 

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

Cisco recommends that the users are aware of the impact of this feature on the SCE device. If you enable flow capture, it might impact the performance of the SCE. The SCE might not perform any Deep Packet Inspection (DPI) on the specific flow and no Raw Data Records (RDR) are generated for that flow. Hence, it is recommended to enable this feature only to troubleshoot the issue and disable the same as soon as the required information is captured.

Configure

Step 1. Configure the traffic rule. The traffic rule defines the flow needs to be captured. Specify the subscriber and the network IP address and the trasnport protocol. The command mentioned configures the subscriber side IP address as 192.168.1.1, network side IP  address and transport protocol if any.

SCE8000(config)#>interface LineCard 0 
 SCE8000(config if)#>traffic-rule name flowcapture IP-addresses subscriber-side 192.168.1.1/32 network-side all protocol all direction both traffic-counter none action flow-capture

In order to configure the duration of the capture as unlimited, default is 3600 seconds command is used.

 SCE8000(config if)#>flow-capture controllers time Unlimited

Step 2. Start the capture. With this, SCE starts to capture the traffic and record the same in the Packet_capture.cap file in the FTP server.

SCE8000#> flow-capture start format cap file-name-prefix ftp://myuser:mypassword@10.1.1.1/Packet_capture

Step 3. Initiate the traffic through the SCE, which needs to be captured.

Step 4. Verify that the SCE the traffic is recorded with this command.

 SCE8000-1#>show interface LineCard 0 flow-capture 
 Flow Capture Status (module #1): 
 -------------------------------- 
 Flow capture status:           RECORDING 
 Capturing type:                ONLINE 
 Target file name:              ftp://myuser:mypassword@10.1.1.1/Packet_capture.cap 
 Target file size (bytes):      6040 
 Time limit  (sec):             Unlimited 
 Max L4 payload length (bytes): Unlimited 
 Number of recorded packets:    57 
 Number of lost packets:        0

Step 5. After the required infiormation is collected, stop the flow capture.

 SCE8000#> flow-capture stop

Step 6. Remove the traffic rule.

SCE8000(config)#>interface LineCard 0 
 SCE8000(config if)#>no traffic-rule name flowcapture

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Cisco SCE 8000 Installation and Configuration Guide

TAC Authored

Contributed by Cisco Engineers

  • Resh Kookkanath
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products