Set Up Packet Capture to Monitor Network Traffic
In addition to aggregating data from multiple NAMs, Prime Infrastructure makes it easy to actively manage and troubleshoot network problems using multiple NAMs and ASRs.
Note |
This feature is supported for NAMs and ASRs. For more information on minimum Cisco IOS XE version supported on ASRs, see the Cisco ASR 1000 Series Aggregation Services Routers Release Notes. In the following workflow, a network operator needs to troubleshoot a set of similar authentication violations taking place at multiple branches. Because the operator suspects that the authentication problems are due to a network attack in progress, the operator runs the Packet Capture feature against the NAMs or ASRs for each branch, then runs the Packet Decoder to inspect the suspicious traffic. |
Note |
The legacy cipher, which helps you to perform the Copy To or Merge functionalities in the Packet Capture screen, in the Prime Infrastructure server is enabled by default. In case the Copy To/Merge functionalities do not work, you must enable it manually by entering the following command in the Prime Infrastructure's CLI. #admin ncs run ssh-server-security-legacy-algorithms enableYou must disable it after performing these actions. Enter the following command to disable. admin# ncs run ssh-server-legacy-algorithms disable |
Procedure
Step 1 |
Create a capture session definition:
|
Step 2 |
To decode a packet capture file:
|
Step 3 |
To run a packet capture session again, select the session definition in the Capture Sessions area and click Start. |