Packet size limited during capture

asked 2022-07-05 21:19:13 +0000

ipdebug gravatar image

updated 2022-07-06 10:39:20 +0000

Jaap gravatar image

I am trying to capture traffic of BGP peering on a cisco router using Embedded Packet Capturing: Even I set the size of the buffer to the maximum: 102400 but still after TCP 3 way handshake I got "Packet size limited during capture" and in the packet end [Packet size limited during capture: BGP truncated].

I am using this config on the router: 

monitor capture buffer B1 size 102400
monitor capture point ip process-switched C1 both
monitor capture point associate C1 B1
monitor capture point start C1
monitor capture point stop C1
monitor capture buffer B1 export tftp://x.x.x.x/R1.bgp.pcap

in the Wireshark preference snaplen is set to default as well. any ideas what's the issue ?

edit retag flag offensive close merge delete

Comments

Does your router support the "length" option?
Cisco IOS Embedded Packet Capture Command Reference

The length size keyword and argument copies the specified number of bytes of data from each packet. The default setting of 68 bytes is adequate for IP, ICMP, TCP, and UDP. If you set the length to 0, the whole packet is copied to the buffer.

Chuckc gravatar imageChuckc ( 2022-07-05 22:13:10 +0000 )edit

Thanks Chuckc for the reply. But I am using vios-adventerprisek9-m.vmdk.SPA.156-2 and "length" option is not supported

ipdebug gravatar imageipdebug ( 2022-07-06 14:13:37 +0000 )edit

@Chuckc you were correct the problem was the default settings of "Max Element Size : 68 bytes" I fixed it by increasing the Maximum size of element in the buffer (in bytes) like this: "monitor capture buffer B1 size 102400 max-size 1024"

ipdebug gravatar imageipdebug ( 2022-07-09 07:50:36 +0000 )edit
add a comment