Cisco Router Packet Capture and Export
I've recently had to troubleshoot some SIP calls going through a Cisco router (CUBE) and needed a way to capture the stream and view it easily.
To do this, you will need:
- CLI access to the router
- Wireshark installed on your PC
- tftp server installed on your PC (I used tftpd found here: tftpd32)
Here are the steps required:
Log into your router and create the capture policy:
ip traffic-export profile <name> mode capture bidirectional
Assign the capture profile to the interface:
interface <interface>
ip traffic-export apply <name> size 20000000
Clear any data and start the export:
traffic-export interface <interface> clear
traffic-export interface <interface> start
Test your application (or in my case, a SIP call)
Once the test is complete, stop the export:
traffic-export interface <interface> stop
Export the captured traffic to your PC via tftp:
traffic-export interface <interface> copy tftp:
Use Wireshark to open the file, then click "Telephony" at the top and then "VoIP Calls" to analyze the SIP traffic
Also, if you want to send your logs (in case of a debug) to your PC via tftp, the command is:
show logging | redirect tftp://tftpserver/destinationfilename
Source: https://thevoiceman.wordpress.com/2014/11/28/ip-traffic-exporting-cube/