# Mini Protocol Analyzer


Understanding how the Mini Protocol Analyzer works

- Release 12.2(33)SXI and later releases support the Mini Protocol Analyzer feature.
- Captures network traffic from a SPAN session and stores the captured packet in a local memory buffer.
- You can limit the captured packets from selected VLANs, ACLs, MACs, ethertype or packet size.
- You can start and stop the capture using immediate commands, or schedule the capture to begin at a specified date and time.
- The captured data can be displayed on the console, stored to a local file system, or exported to an external server.
- By default, only the first 68 bytes of each packet are captured.
- Only one capture session is supported.


Configuration

Switch(config)# monitor session 1 type capture
Switch(config-mon-capture)# description Mini Protocol Analyzer session
Switch(config-mon-capture)# buffer-size 1024 ! The default is 2048 KB
Switch(config-mon-capture)# rate-limit 1000 ! The default is 10000 packets per second
Switch(config-mon-capture)# source interface gi1/1 both
Switch(config-mon-capture)# filter access-group capture_acl
Switch(config-mon-capture)# filter vlan 100
Switch(config-mon-capture)# filter ethertype 0x0800 ! IPv4 packets
Switch(config-mon-capture)# filter length 0 1024 ! Between 0 and 1024 bytes
Switch(config-mon-capture)# filter mac-address aabb.ccdd.eeff

Starting and stopping a capture

The capture ends when one of the following conditions occurs:

- A stop or clear command is executed.
- The capture buffer becomes full, unless it is configured as a circular buffer.
- The number of seconds has elapsed.
- The number of packets has been captured.

Switch# monitor capture linear start
Switch# monitor capture linear start for 10 seconds
Switch# monitor capture linear start schedule at 22:00:00 11 feb 2013

Displaying and exporting the capture buffer

Switch# show monitor capture
Switch# show monitor capture status
Switch# show monitor capture buffer 1 detail
Switch# show monitor capture buffer 1 brief
Switch# monitor capture export buffer disk0:capture_file.cap

No comments: