Viewing packet sniffing information

Last Updated : Aug 18, 2015 |

Procedure

  1. You can enter show capture to view information about the packet sniffing configuration and the capture state.

    For example:

    Gxxx-001> show capture
Capture service is enabled and inactive
Capture start time 23/08/2015-13:57:40
Capture stop time 23/08/2015-13:58:23
Current buffer size is 1024 KB
Buffer mode is cyclic
Maximum number of bytes captured from each frame: 1515
Capture list 527 on interface FastEthernet 10/3
Number of captured frames in file: 3596 (out of 3596 total captured frames)
Size of capture file: 266 KB (26.6 %)
    Note:

    The number of captured frames can be larger than the number of the frames in the buffer because the capture file may be in cyclic mode.

  2. You can use the show capture-buffer hex command to view a hex dump of the captured packets.

    However, for a proper analysis of the captured packets, you should upload the capture file and analyze it using a sniffer application, as described in the following sections.

Example

The following is an example of the show capture-buffer hex command:

Gxxx-001> show capture-buffer hex
Frame number: 1
Time relative to first frame (D H:M:S:Micro-S): 0, 0:0:0.0
Packet time: 14/01/1970-13:24:55.583598
Frame length: 60 bytes
Capture Length: 60 bytes
00000000:ffff ffff ffff 0040 0da9 4201 0806 0001    .......@..B.....
00000010:0800 0604 0001 0040 0da9 4201 9531 4e7a    .......@..B..1Nz
00000020:0000 0000 0000 9531 4e7a 0000 0000 0000    .......1Nz......
00000030:0000 0000 0000 0000 0000 0000              ............
Frame number: 2
Time relative to first frame (D H:M:S:Micro-S): 0, 0:0:0.76838
Packet time: 14/01/1970-13:24:55.660436
Frame length: 60 bytes
Capture Length: 60 bytes
00000000:ffff ffff ffff 0040 0d8a 5455 0806 0001    .......@..TU....
00000010:0800 0604 0001 0040 0d8a 5455 9531 4e6a    .......@..TU.1Nj
00000020:0000 0000 0000 9531 4e6a 0000 0000 0000    .......1Nj......
00000030:0000 0000 0000 0000 0000 0000              ............