Filter
Top Products
CHAPTER
13-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
13
Displaying and Capturing Live Traffic on an
Interface
This chapter describes how to display, capture, copy, and erase packet files. It contains the following
sections:
• Packet Display And Capture Notes and Caveats, page 13-1
• Understanding Packet Display and Capture, page 13-2
• Displaying Live Traffic on an Interface, page 13-2
• Capturing Live Traffic on an Interface, page 13-4
• Copying the Packet File, page 13-6
• Erasing the Packet File, page 13-7
Packet Display And Capture Notes and Caveats
The following notes and caveats apply to capturing packet files:
• Although capturing live traffic off the interface does not disrupt any of the functionality of the
sensor, it does cause significant performance degradation.
• Changing the interface configuration results in abnormal termination of any packet command
running on that interface.
• You can configure packet capture/display restrictions using the permit-packet-logging true | false
command.
• On IPS sensors with multiple processors (for example, the IPS 4260 and IPS 4270-20), packets may
be captured out of order in the IP logs and by the packet command. Because the packets are not
processed using a single processor, the packets can become out of sync when received from multiple
processors.
• When the IPS 4510 and IPS 4520 are configured in VLAN pairs, the packet display command does
not work without the VLAN option if the expression keyword is also used.
For More Information
For detailed information about the packet-related command restrictions, see Configuring Packet
Command Restriction, page 4-24.