Yasser Auda CCIEv5 EPC Overview


CCIEv5 EPC Overview By CCSI: Yasser Auda

Embedded Packet Capture (EPC) is a packet capture tool that captures packets flowing to, through, and from the device. We can then analyze them locally, or save them as a packet capture (PCAP) file and export it for offline analysis with a tool such as Wireshark. The tool is configured in exec mode, and captured packets are stored within a buffer in DRAM. As a result the tool configuration is not stored within the router configuration and will not remain in place after a system reload (your EPC configuration is kept only temporarily in the router).

To configure EPC you define two things and give them names: a buffer point and a capture point. Then you attach the buffer point to your capture point.

Buffer Point: defines a temporary buffer in your DRAM within which the captured packets are stored.

Capture Point: defines the location where the capture occurs. It also defines whether the capture occurs for IPv4 or IPv6 and in which switching path (process versus CEF).

Notes from Cisco TAC:
-In releases earlier than Cisco IOS Release 15.0(1)M, the buffer size was limited to 512K.
-In releases earlier than Cisco IOS Release 15.0(1)M, the captured packet size was limited to 1024 bytes.
-The packet buffer is stored in DRAM and will not persist through reloads.
-The capture configuration is not stored in NVRAM and will not persist through reloads.
-The capture point can be defined to capture in the CEF or process switching paths.
-The capture point can be defined to capture only on an interface or globally.
-When the capture buffer is exported in PCAP format, L2 information (such as Ethernet encapsulation) is not preserved.

Two types of data are stored in a capture buffer: Meta Data and Packet Data. Meta Data (which helps in filtering too) contains:
-A timestamp of when the packet was added to the buffer.
-Direction, egress or ingress.
-The switching path it was captured in.
-Encapsulation type corresponding to the input/output interface, to allow the decoding of L2.
-Offset to network start, to facilitate the decoding of L3 if complete L2 decoders are unavailable.
-L3 protocol ID, to facilitate the decoding of L3 if complete L2 decoders are unavailable.


Configuring EPC commands

1- Create buffer point:
R1#monitor capture buffer MYBUFFER size 512 max-size 1024 linear

size is the size of this buffer in KB.
max-size is the number of bytes to capture per packet; it can be limited to save space.
linear or circular is the type of buffer: a linear buffer will stop capturing automatically when full; a circular buffer will continue to capture packet data, overwriting old data with newer data as it fills.

Optionally we can enable a rate limit to specify a max capture rate (in packets per second), or capture every "nth" packet. Automatic limit criteria can also be defined to stop the capture after a specified time interval, or after capturing a given number of packets:
R1#monitor capture buffer MYBUFFER limit ?
  allow-nth-pak    Allow every nth packet through
  duration         Duration of capture
  packet-count     Limit total Number of packets captured
  packets-per-sec  Limit number of packets copied per sec

Optionally a filter can also be applied to limit the capture to the desired traffic. Define an Access Control List (ACL) in config mode and apply the filter to the buffer:
ip access-list extended BUF-FILTER
 permit ip host 192.168.1.1 host 172.16.1.1
 permit ip host 172.16.1.1 host 192.168.1.1
R1#monitor capture buffer MYBUFFER filter access-list BUF-FILTER

2- Create capture point:
We define four things in the capture point: the protocol (IPv4 or IPv6 traffic), the forwarding method (CEF or process switching), which interface, and which traffic direction on that interface: in (capture at ingress), out (capture at egress), or both.
R1#monitor capture point ip process-switched MYPOINT

3- Associate or attach your buffer point to your capture point:
R1#monitor capture point associate MYPOINT MYBUFFER
We can associate more than one capture point to a single capture buffer. For example we can create one capture point for OSPF traffic and one for BGP traffic (an ACL will help you do that).

Verification:
R1#sh monitor capture point all
R1#sh monitor capture buffer all parameters


4- Start & stop capturing traffic:
R1#monitor capture point start MYPOINT
R1#monitor capture point stop MYPOINT

5- To view what you captured locally:
R1#show monitor capture buffer MYBUFFER dump

6- To save what you captured as a pcap file and export it for analysis with Wireshark:
R1#monitor capture buffer MYBUFFER export tftp://10.1.1.1/capture.pcap

EPC Lab

R1 & R4 are running OSPF process id 100, area 0.
R1: s1/0 10.1.14.1/24, loop 0 1.1.1.1/32
R4: s1/0 10.1.14.4/24, loop 0 4.4.4.4/32

1- Create a space called MYBUFFER in your R1 volatile memory to store the captured packets, with the following requirements:

-volatile memory space size is 1024KB

-max packet size to capture 1024KB

-volatile memory space must continue to capture packets even if the buffer is full.

-captured data should remain for a 15 minute duration.

Create a general ACL to be used later by the network administrator in case he would like to capture specific types of protocols or ports.

2- You will capture CEF IPv4 packets, ingress or egress, on interface serial 1/0 (the capture point name will be MYPOINT) and associate it to your buffer point.

3- Start capturing data and ping 4.4.4.4. All your captured data must be saved as Yasser.pcap, then exported to tftp server 10.1.15.5


Answer:

1-
R1(config)#ip access-list ext 101
R1(config-ext-nacl)#permit ospf any any
R1(config-ext-nacl)#exit
R1(config)#exit
R1#monitor capture buffer MYBUFFER size 1024 max-size 1024 circular
R1#monitor capture buffer MYBUFFER limit duration 900
R1#monitor capture buffer MYBUFFER filter access-list 101

2-
R1#monitor capture point ip cef MYPOINT serial 1/0 both
R1#monitor capture point associate MYPOINT MYBUFFER

3-
R1#monitor capture point start MYPOINT
R1#ping 4.4.4.4
R1#monitor capture point stop MYPOINT
R1#monitor capture buffer MYBUFFER export tftp://10.1.14.4/yasser.pcap
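Because the export keeps no L2 information (see the TAC notes above), the exported file should decode as bare IP rather than Ethernet. The following Python script is an added example and is not part of the original document: it reads a classic pcap file, checks that the link-layer type is libpcap's raw-IP type, decodes each IPv4 header and tallies the protocols seen (OSPF and ICMP, as in the lab). The sample file, its timestamps and the OSPF payload bytes are constructed inside the script; that an IOS EPC export uses the raw-IP link type is an assumption to confirm against a real yasser.pcap.

```python
import struct
from collections import Counter

RAW_IP_LINKTYPES = {12, 101}   # libpcap DLT_RAW / LINKTYPE_RAW: bare IP, no L2 header
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 89: "ospf"}

def ipv4_header(pkt):
    """Decode the fixed part of an IPv4 header; returns None if it is not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    return {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])),
            "proto": PROTO_NAMES.get(pkt[9], str(pkt[9]))}

def parse_pcap(data):
    """Return (linktype, [decoded IPv4 headers]) for a classic raw-IP pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype not in RAW_IP_LINKTYPES:
        raise ValueError(f"link type {linktype}: expected a raw-IP file with no L2 header")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        hdr = ipv4_header(data[offset + 16:offset + 16 + incl_len])
        offset += 16 + incl_len
        if hdr:
            hdr["truncated"] = incl_len < orig_len   # snapped by the buffer's max-size
            packets.append(hdr)
    return linktype, packets

def summarize(data):
    """Tally captured packets by IP protocol name, e.g. {'ospf': 1, 'icmp': 1}."""
    return dict(Counter(p["proto"] for p in parse_pcap(data)[1]))

def build_sample_pcap():
    """Constructed sample file: one OSPF hello and one ICMP echo, raw-IP link type, checksums left 0."""
    def ipv4(src, dst, proto, payload):
        s, d = (bytes(map(int, a.split("."))) for a in (src, dst))
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, s, d) + payload
    pkts = [ipv4("10.1.14.1", "224.0.0.5", 89, b"\x02\x01\x00\x2c"),  # OSPFv2 hello (assumed bytes)
            ipv4("10.1.14.1", "4.4.4.4", 1, b"\x08\x00\x00\x00")]      # ICMP echo request
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1024, 101)  # snaplen 1024 like max-size 1024
    for i, p in enumerate(pkts):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(p), len(p)) + p   # timestamps are assumed
    return out
```

Run `summarize(open("yasser.pcap", "rb").read())` on a real export; a ValueError on the link type tells you the file was not written as raw IP and the decoder offset needs adjusting.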


Good Luck
CCSI: Yasser Auda
https://www.facebook.com/YasserRamzyAuda
https://learningnetwork.cisco.com/people/yasser.r.a?view=documents
https://www.youtube.com/user/yasserramzyauda