{"id":545,"date":"2012-11-07T08:48:17","date_gmt":"2012-11-07T07:48:17","guid":{"rendered":""},"modified":"2018-11-01T00:47:12","modified_gmt":"2018-10-31T23:47:12","slug":"router-ip-traffic-export-router-packet-capture-capabilities","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/router-ip-traffic-export-router-packet-capture-capabilities\/","title":{"rendered":"Router IP Traffic Export &#8211; the router packet capture capabilities"},"content":{"rendered":"<p>\n\thttp:\/\/www.cisco.com\/en\/US\/docs\/ios\/12_4t\/12_4t11\/ht_rawip.html<\/p>\n<p>\n\tCisco switches provide the SPAN and RSPAN feature, which is suitable for monitoring and capturing packets flowing through switch ports or VLANs. But this feature is not provided on Cisco routers, so searching for it there gives no result.<\/p>\n<p>\n\tCisco routers provide (check the Cisco support page for your device and IOS, of course) other features which should be used for traffic monitoring and capturing. Searching for this, I&#39;ve found two possibilities:<\/p>\n<ul>\n<li>\n\t\t<a href=\"http:\/\/www.cisco.com\/en\/US\/docs\/ios\/12_4t\/12_4t11\/ht_rawip.html\" target=\"_blank\">Router IP Traffic Export (Raw IP)<\/a><\/li>\n<li>\n\t\tCisco IOS Embedded Packet Capture<\/li>\n<\/ul>\n<h1>\n\tRouter IP Traffic Export (RITE)<\/h1>\n<p>\n\t<strong>Notes from the Cisco site:<\/strong><\/p>\n<p>\n\t<em>IP Traffic Export allows you to configure your router to export IP packets received on multiple, simultaneous WAN or LAN interfaces. The unaltered IP packets are exported on a single LAN or VLAN interface, thereby, easing deployment of protocol analyzers and monitoring devices.<\/em><\/p>\n<p>\n\t&nbsp;<\/p>\n<p>\n\t<em>The Router IP Traffic Export Packet Capture Enhancements feature allows you to configure your router to capture IP packets in a buffer within the router, and then to dump these packets into a specified memory device. 
<\/em><\/p>\n<p>\n\t&nbsp;<\/p>\n<p>\n\tSo, we&#39;ll try it to see how it works and how to use it.<\/p>\n<h1>\n\tConfiguration<\/h1>\n<p>\n\tTo configure this feature we have to follow three steps:<\/p>\n<ul>\n<li>\n\t\tConfigure IP traffic export<\/li>\n<li>\n\t\tConfigure IP traffic capture<\/li>\n<li>\n\t\tDisplay captured data<\/li>\n<\/ul>\n<h2>\n\tConfiguring IP traffic export<\/h2>\n<p>\n\t<span class=\"content\">The main task is <\/span>to configure a traffic export profile, which is used to define the <em><strong>monitored <\/strong><\/em>interface, through which traffic is entering\/leaving, and the outgoing (<em><strong>monitoring<\/strong><\/em>) interface, to which the traffic will be exported. One device supports multiple export profiles.<\/p>\n<p>\n\tLet&#39;s do that in general:<\/p>\n<pre>\r\n1. enable\r\n2. configure terminal\r\n3. ip traffic-export profile profile-name\r\n! create the RITE profile\r\n\r\n4. interface interface-name\r\n! specify the outgoing interface where the traffic will be exported\r\n\r\n5. bidirectional\r\n! export incoming and outgoing traffic\r\n\r\n6. mac-address H.H.H\r\n! where H.H.H is the destination MAC address of the host to which the IP traffic will be exported\r\n\r\n7. incoming {access-list {standard | extended | named} | sample one-in-every packet-number}\r\n! optional\r\n\r\n8. outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}\r\n! optional\r\n\r\n9. exit\r\n10. interface type number\r\n11. ip traffic-export apply profile-name\r\n! apply the profile on the monitored interface<\/pre>\n<p>\n\tIn practice, I prepared a small demonstration network.<\/p>\n<h2>\n\tTopology<\/h2>\n<p>\n\tThe topology is simulated in GNS3 and consists of two Linux TinyCore machines connected through the Cisco router R1. 
The fa 1\/0 interface is connected to my real OS, where Wireshark is running.<\/p>\n<p>\n\t<img decoding=\"async\" alt=\"topology\" src=\"\/wp-content\/uploads\/files\/image\/Cisco-practical\/RITE\/topo.png\" style=\"width: 600px; height: 333px; border-width: 1px; border-style: solid;\" \/><\/p>\n<p>\n\t&nbsp;<\/p>\n<h2>\n\tRITE configuration<\/h2>\n<pre>\r\nR1(config)#ip traffic-export profile MY_PROFILE\r\nR1(conf-rite)#interface fas 1\/0\r\nR1(conf-rite)#bidirectional\r\n! MAC address of my PC (taken from ipconfig \/all)\r\nR1(conf-rite)#mac-address 3C97.0E68.3683\r\nR1(conf-rite)#exit\r\nR1(config)#int fa 0\/0\r\nR1(config-if)#ip traffic-export apply MY_PROFILE\r\n\r\n<span style=\"background-color:#ffffe0;\">*Mar  1 00:24:15.723: %RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet0\/0\r\n<\/span>\r\nR1(config-if)#^Z\r\n\r\nR1#\r\n\r\n*Mar  1 00:24:17.471: %SYS-5-CONFIG_I: Configured from console by console<\/pre>\n<div>\n\t&nbsp;<\/div>\n<h2>\n\tVerification<\/h2>\n<p>\n\tA simple ping from the linux-tinycore1 machine to the other one<\/p>\n<p>\n\t<img decoding=\"async\" alt=\"tinylinux\" src=\"\/wp-content\/uploads\/files\/image\/Cisco-practical\/RITE\/tinycore.png\" style=\"font-size: 11.1999998092651px; width: 600px; height: 484px; border-width: 1px; border-style: solid;\" \/><\/p>\n<p>\n\t&nbsp;<\/p>\n<p>\n\tis visible in my Wireshark<\/p>\n<p>\n\t<img decoding=\"async\" alt=\"\" src=\"\/wp-content\/uploads\/files\/image\/Cisco-practical\/RITE\/ws.png\" style=\"width: 600px; height: 192px; border-width: 1px; border-style: solid;\" \/><\/p>\n<p>\n\t&nbsp;<\/p>\n<h2>\n\tVerification on the router<\/h2>\n<pre>\r\n<strong><span style=\"background-color:#ffffe0;\">R1#show ip traffic-export<\/span><\/strong>\r\nRouter IP Traffic Export Parameters\r\nMonitored Interface             FastEthernet0\/0\r\n        Export Interface                FastEthernet1\/0\r\n        Destination MAC address 3c97.0e68.3683\r\n        bi-directional traffic export is 
on\r\nOutput IP Traffic Export Information    Packets\/Bytes Exported    76\/6384\r\n        Packets Dropped           0\r\n        Sampling Rate             one-in-every 1 packets\r\n        No Access List configured\r\nInput IP Traffic Export Information     Packets\/Bytes Exported    89\/7556\r\n        Packets Dropped           0\r\n        Sampling Rate             one-in-every 1 packets\r\n        No Access List configured\r\n        Profile MY_PROFILE is Active<\/pre>\n<div>\n\t&nbsp;<\/div>\n<p>\n\t&nbsp;<\/p>\n<h2>\n\t<strike>Configuring IP traffic capture<\/strike><\/h2>\n<pre>\r\n<strike>1. enable\r\n2. configure terminal\r\n3. ip traffic-export profile profile-name mode capture\r\n4. bidirectional\r\n5. incoming {access-list {standard | extended | named} | sample one-in-every packet-number}\r\n6. outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}\r\n7. length bytes\r\n8. exit\r\n9. interface type number\r\n10. ip traffic-export apply profile-name size size<\/strike><\/pre>\n<p>\n\t&nbsp;<\/p>\n<h2>\n\t<strike>Displaying captured data<\/strike><\/h2>\n<h1 class=\"title-section title-section-only\">\n\t<strike>Cisco IOS Embedded Packet Capture<\/strike><\/h1>\n<p>\n\t<strike>http:\/\/www.cisco.com\/en\/US\/products\/ps9913\/products_ios_protocol_group_home.html<\/strike><\/p>","protected":false},"excerpt":{"rendered":"<p>\n\thttp:\/\/www.cisco.com\/en\/US\/docs\/ios\/12_4t\/12_4t11\/ht_rawip.html<\/p>\n<p>\n\tCisco switches provide the SPAN and RSPAN feature, which is suitable for monitoring and capturing packets flowing through switch ports or VLANs. 
But this feature is not provided on Cisco routers, so searching for it there gives no result.<\/p>","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[751,687,695],"tags":[],"class_list":["post-545","post","type-post","status-publish","format-standard","hentry","category-monitoring-en","category-monitoring-management-measurement","category-netacad-en"],"taxonomy_info":{"category":[{"value":751,"label":"Monitoring"},{"value":687,"label":"Monitoring, Management, Measurement"},{"value":695,"label":"NetAcad"}]},"featured_image_src_large":false,"author_info":{"display_name":"admin","author_link":"https:\/\/nil.uniza.sk\/en\/author\/admin\/"},"comment_info":1,"category_info":[{"term_id":751,"name":"Monitoring","slug":"monitoring-en","term_group":0,"term_taxonomy_id":749,"taxonomy":"category","description":"","parent":747,"count":2,"filter":"raw","cat_ID":751,"category_count":2,"category_description":"","cat_name":"Monitoring","category_nicename":"monitoring-en","category_parent":747},{"term_id":687,"name":"Monitoring, Management, Measurement","slug":"monitoring-management-measurement","term_group":0,"term_taxonomy_id":685,"taxonomy":"category","description":"","parent":0,"count":5,"filter":"raw","cat_ID":687,"category_count":5,"category_description":"","cat_name":"Monitoring, Management, 
Measurement","category_nicename":"monitoring-management-measurement","category_parent":0},{"term_id":695,"name":"NetAcad","slug":"netacad-en","term_group":0,"term_taxonomy_id":693,"taxonomy":"category","description":"","parent":0,"count":9,"filter":"raw","cat_ID":695,"category_count":9,"category_description":"","cat_name":"NetAcad","category_nicename":"netacad-en","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=545"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/545\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}