##master-page:HomepageReadWritePageTemplate
##master-date:Unknown-Date
#format wiki
#language en
= Sniffer / Packet trace on Nexus7000 or Nexus7k =
 * Links [[Cisco/RouterPacketCapture]]
 * Cisco Nexus platform is built on a Linux server as the control plane, with a Cisco version of wireshark.
   * It can only capture packets that go to the control-plane, not on the data plane.
   * It is possible with a ACL int the data-plane to force packets to go to the control plane and then capture them.
   * Ref: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/white_paper_c11-554444.html
== Cisco Config/Code ==
 1. Setup acl with log entries to punt traffic to control plain.
    {{{
!
no ip access-list aclSniffLocal
ip access-list aclSniffLocal
statistics per-entry
! with out log, exclude from logging.
permit udp 10.10.0.31/32   10.11.1.0/24
!
permit tcp 10.10.0.0/16   10.11.1.0/24  log
! finally allow all traffic, we don't want to block any traffic.
permit ip any any 
!
}}}    

 1. Add acl to interface/vlan
   {{{
interface vlan 10
ip access-group aclSniffLocal in
ip access-group aclSniffLocal out
}}}

 1. Protect Nexus incase we make a mistake and log to-many packets/second.
    {{{
hardware rate-limiter access-list-log 250
}}}

 1. Run the capture, and dump packets to screen and into a file.
    {{{
ethanalyzer local interface inband capture-filter "net 10.1.1.0/24" limit-captured-frames 200 write bootflash:sniff-20140210-ecnVoip
}}}
...
----
CategoryCisco