Configuring packet sniffing settings

Last Updated : May 08, 2023 |

About this task

The packet sniffing service provides several administrative settings you can use to control the capture functionality. Use the following commands to configure packet sniffing settings. These commands are all used from general context, and require read/write access.

Procedure

  1. Use the capture buffer-mode command to specify the type of buffer to use.

    The available parameters are:

    • cyclic. Circular buffer that overwrites the oldest records when it is filled up. Use a cyclic buffer to store the most recent history of packet activity.

    • non-cyclic. Linear buffer that is used until it is filled up

    For example:

    Gxxx-001(super)# capture buffer-mode cyclic
Done!
Gxxx-001(super)#
  2. Use the capture buffer-size command to specify the maximum size of the capture buffer.

    Available values are 56 to 10000 KB. The default value is 1000 KB. To activate the change in buffer size, enter copy running-config startup-config, and reboot the Branch Gateway.

    For example:

    Gxxx-001(super)# capture buffer-size 2000
To change capture buffer size, copy the running
configuration to the start-up configuration file, and reset the device.
Gxxx-001(super)# copy running-config startup-config
Beginning copy operation .................... Done!
Gxxx-001(super)#
  3. Use the capture max-frame-size command to specify the maximum number of bytes captured for each packet.

    This command is useful, since in most cases, the packet headers contain the relevant information. Available values are 14 to 4096. The default value is 128 bytes.

    For example:

    Gxxx-001(super)# capture max-frame-size 4000
This command will clear the capture buffer
 - do you want to continue (Y/N)? y
Done!
Gxxx-001(super)#
    Note:

    When you change the maximum frame size, the Branch Gateway clears the capture buffer.

  4. Enter clear capture-buffer to clear the capture buffer.
    Tip:

    To reduce the size of the capture file, use any combination of the following methods:

    • Use the capture interface command to capture only from a specific interface.

    • Use the capture max-frame-size to capture only the first N octets of each frame. This command is valuable since it is the packets headers that contain the interesting information.

    • Use capture lists to select specific traffic.