Cisco IOS 12.4(20)T Packet Capture Feature

Terry Slattery
Principal Architect

Jamey Heary, CCIE No. 7680, who writes for Network World’s Cisco Subnet, recently wrote about a set of new features in Cisco’s IOS 12.4(20)T release.  One of the features he describes is pretty neat:   Packet Capture.

At times, the only way you can troubleshoot a network problem is to get a packet capture of some application or of the traffic on a suspect link.  So you need to take your packet analyzer out to the site and capture data for this analysis.  Distributed Sniffer and similar systems were created to allow network engineers to not always have to go into the field to capture data.  With technologies like MPLS, remote sites will often communicate with one another without the data transiting a central facility where an expensive packet capture probe can be located.

So Cisco’s new feature that allows packet capture within the router will help the network engineer perform diagnosis and analysis without having to go onsite.  Also cool is the fact that this packet capture supports both CEF and process switched packets. One of the neat features is that the packet capture data is exportable in PCAP format, so analysis tools like Wireshark can import the capture data.

As with any new feature, it is only available on a subset of routers – the ISR and 7200 series routers, which are software based.  I’m sure that the hardware based routers will follow in the future as new ASICs support packet capture.

Take a look at Jamey’s article and its links to the relevant documentation for details on how it works.



Re-posted with Permission 

NetCraftsmen would like to acknowledge Infoblox for their permission to re-post this article which originally appeared in the Applied Infrastructure blog under


Leave a Reply