Sniffer / Packet trace on Nexus7000 or Nexus7k
- Cisco Nexus platform is built on a Linux server as the control plane, with a Cisco version of wireshark.
- It can only capture packets that go to the control-plane, not on the data plane.
- It is possible with a ACL int the data-plane to force packets to go to the control plane and then capture them.
- Setup acl with log entries to punt traffic to control plain.
! no ip access-list aclSniffLocal ip access-list aclSniffLocal statistics per-entry ! with out log, exclude from logging. permit udp 10.10.0.31/32 10.11.1.0/24 ! permit tcp 10.10.0.0/16 10.11.1.0/24 log ! finally allow all traffic, we don't want to block any traffic. permit ip any any !
- Add acl to interface/vlan
interface vlan 10 ip access-group aclSniffLocal in ip access-group aclSniffLocal out
- Protect Nexus incase we make a mistake and log to-many packets/second.
hardware rate-limiter access-list-log 250
- Run the capture, and dump packets to screen and into a file.
ethanalyzer local interface inband capture-filter "net 10.1.1.0/24" limit-captured-frames 200 write bootflash:sniff-20140210-ecnVoip