1、1 2005, Cisco Systems, Inc. All rights reserved.Packet Capture Packet CapturingBy: wyuFeb, 2006 2001, Cisco Systems, Inc. All rights reserved. 2 2005, Cisco Systems, Inc. All rights reserved.Agenda1.Packet Capture Tools2.General Packet Capture Mode3.Capture Tips4.Using 7600 ELAM 2001, Cisco Systems,
2、 Inc. All rights reserved. 3 2005, Cisco Systems, Inc. All rights reserved.Packet Capture/Analysis ToolsMost Commonly Used Packet Capture/Analysis ToolCommercial Equipment: Agilent, Ixia, Spirent, etc.PC based Software: Packet Sniffer, Ethereal, TCPdump, etc. Cisco Proprietary: Pagent, ELAM 2001, Ci
3、sco Systems, Inc. All rights reserved. 4 2005, Cisco Systems, Inc. All rights reserved.General Packet Capture ModeContinuous Packet Capturing- Capture all packets that meets the condition that set by users in a fixed packet buffer.- Packets are stored in the ring-type buffer and dropped in first-in
4、first-out basis. Depending on the equipment vendor, capturing could stop whenever the packet buffer is full. - Packet buffer size can be adjusted by usersTriggered Packet Capturing- Packet capturing starts only when triggered condition meets.- Capture stops after packet buffer is felt- Users might b
5、e able to set number of packets to be saved before trigger packets occurs 2001, Cisco Systems, Inc. All rights reserved. 5 2005, Cisco Systems, Inc. All rights reserved.Capture TipsAlways set good filters- Eliminate unwanted packets begin capture and waste buffer memory- Narrowed the scope for what
6、packets to look for- Be aware of promiscuous mode being set by default, especially in the Ethernet case,it capture everything on the wire. Ensure correct physical layer property setting and L2 Protocol- Eliminate the possibility for not being able to capture packets due to CRC or Scrambling incorrec
7、tly set- Set with correct L2 protocol, it helps the packet analyzer to decode packet with correct packet format as cases like encapsulation PPP/HDLC 2001, Cisco Systems, Inc. All rights reserved. 6 2005, Cisco Systems, Inc. All rights reserved.My favorite capture setupTrafficSourceUUT Remote EndFibe
8、r SplitterCapture ToolPackets capturedOn this way out 2001, Cisco Systems, Inc. All rights reserved. 7 2005, Cisco Systems, Inc. All rights reserved.Using 7600 ELAMWhats ELAM- ELAM Embedded Logic Analyzer Module- It is a EARL built-in logic analyzer that can be used as a packet capture tool for supe
9、rman and tycho ASICsWhat can it do and how to use it? How to enable it ? By configuring service internal. Where can I use it ? On any module that has an EARL7 ASIC complex. A Supervisor 720 or a DFC3 capable card. On which prompt do I start it ? Either RP or SP prompt. How many packets can I capture
10、 ? ONE How do I find the packet that I need ? By setting a trigger. How do I find out which ASICs are available ?sh platform capture system asic Remember, ELAM only captures on superman and tycho asic! 2001, Cisco Systems, Inc. All rights reserved. 8 2005, Cisco Systems, Inc. All rights reserved.SUP
11、720 ASICs Physical Location 2001, Cisco Systems, Inc. All rights reserved. 9 2005, Cisco Systems, Inc. All rights reserved.7600 Logical Block Diagram 2001, Cisco Systems, Inc. All rights reserved. 10 2005, Cisco Systems, Inc. All rights reserved.SUP Complex : ASICs Superman L2 Forwarding ASIC EARL7
12、Tycho L3 Forwarding, Security and QoS ACL ASIC - EARL7 Super Solano 18 port Crossbar ASIC for the Sup720 that provides an aggregate bandwidth of 360 Gbps Pinnacle 4 port Gigabit ASIC Hyperion Fabric Interface and Multicast Replication ASIC ; NextGen Titan & Medusa Combo Titan ASIC which does Layer 2/3 packet replication Medusa Crossbar & Bus Fabric ASIC for Constellation+ and Super Constellation Systems
