05-29-2015, 09:54 AM
If you’re tired of setting up SPAN sessions to capture network traffic transiting your network and Cisco router, it’s time to start using Cisco’s Embedded Packet Capture (EPC), available from IOS 12.4.20T and above. We will show you how to configure Cisco’s Embedded Packet Capture, to capture packets transiting a Cisco router, save them to its flash disk or export them directly to an ftp/tftp server for further analysis with the help of a packet analyzer such as Colasoft Capsa (http://www.colasoft.com/capsa) or Wireshark (http://www.wireshark.org/).

We’ve selected to Colasoft Capsa (http://www.colasoft.com/capsa) as our packet analyzer because of its amazing breakdown and presentation of captured packets.

Finally, we've also included a number of useful Embedded Packet Capture troubleshooting commands to monitor the status of the capture points and memory buffer.

Let’s take a look at some of the basic features offered by Embedded Packet Capture:

Capture IPv4 and IPv6 packets in the Cisco Express Forwarding path
Ability to specify various capture buffer parameters
Export packet captures in PCAP format, enabling analysis with external tools such as Colasoft Capsa, Wireshark.
Display content of the capture buffer
Granularity of captured packets via Standard or Extended Access Control Lists (ACLs)

