Hi, everyone. Uh, this video is just to give you a quick overview of the Ethanalyzer tool in UCS. So the Ethanalyzer tool is essentially a packet capture tool. Um, it's not specific to UCS, it's available on all NX-OS platforms. Um, obviously UCS itself, the underlying platform is, is Nexus and NX-OS software. So it's available in UCS also. Um, couple of good articles that will, uh, so what I'm going to show you here is just a basic overview of how to do a packet capture. Um, but it's a couple of good articles here.
We'll include these links in the video description. Um, so here, the Cisco, and the Cisco forum and Cisco article itself goes into more detail on it as a tool, what it is, the different kind of, um, filters and captures that you can run, et cetera. And here we have another one, gives a bit more detail, specifying across the 3K, 5K and 7K platforms. But as mentioned, um, it can also be run in UCS.
So just to run it, what I've done here is I have SSH'd into my fabric interconnect. Um, this is a clustered pair. So I've used the UCSM cluster IP and it brings me into the primary FI, which is FI A in this case. Let me just open the screen here a bit. Um, so when you're on this, now you can also, if you can also, um, SSH to the individual FI IPs as well, because this command is actually run individually on each FI.
So now that I've gone to the cluster IP here, I'm going to have to connect to the NX-OS platform of each, um, FI separately to run it. Um, so to do that, you just do your connect nxos. As you can see here, you can specify if you want to go to FI A or FI B. Um, or if you just don't put any specification, just do connect nxos, it's gonna connect to the NX-OS of the primary FI. Um, so that's what I'm going to do.
So it's going to, I'll just do connect nxos. Once you're in the NX-OS mode, you can run Ethanalyzer. So you just do ethanalyzer. Um, obviously, as you go along, you can use the question mark, it will give you the, the prompts. OK, interface. Um, so also just to specify that this, um, this tool is only used for capturing control plane traffic. So not data plane traffic. Um, if I go here to one of the articles mentioned, yeah, you can see it gives a description of kind of the three interfaces that you can, um, capture traffic on.
So you have your management interface for management traffic. Obviously you have your inbound-low, which is for low priority traffic, ping, Telnet, Secure Shell, CPU-bound traffic, and inbound-high for high priority, Spanning Tree Protocol, BPDUs, um, et cetera, CPU-bound traffic. So just for control plane traffic. You would actually, there is actually, in this article, the other article I've shown, it does talk further down about using access lists, um, et cetera. Um, so you can actually use access, you can use, I don't believe you can do access lists in UCS.
But in the, the other Nexus, uh, devices like 3K, 5K, you can actually use access lists if you wanted to try and capture a particular traffic, because this traffic obviously will be sent to the CPU for, uh, to, to check the cri, if it matches the required criteria, et cetera. Um, and then that way you can capture data traffic. That way, if, if, if you send it through access lists, and we won't be doing that on this video. So back to here, ethanalyzer local interface. Um, do a question mark. It will give you those three interfaces you can choose, and we're going to do management.
In this case here, a number of different things, but we're just going to, we're going to limit the number of captured frames. So basically you can specify how many frames you want to capture. Um, so you can see here you could, there's quite a large range where, you know, in this case, we're just going to say 50, we just capture 50 frames, just, uh, just as in a video, for an example. Different things, you can output it, pipe it to, to a different location, or you can write to a location. We're going to write in this case, in this case, um, we're going to write it to the volatile memory, we call it packet test dot PC, just press return, then all good.
Um, so if we exit back over here to the main menu, we do connect local management and we will do ls volatile. And here you can see my, my packet, the file that I created with the capture data. Um, you can then, you can, uh, send this to, uh, get this off the device using, uh, FTP, SFTP, TFTP. So I don't actually have a, an FTP or any kind of a server set up that I can access at the moment. But I'll just run the command to give you an example of how to, um, copy this off. So you just do, if you're in here, it'll show you that, you do your question mark, it'll show you the different commands you can start with.
So we're going to do a copy I have on that. It makes a difference. So just gonna do copy volatile. That's true here. And we will do, let's just say FTP, I would just say user name at, would say 111, we'll just make up an IP, just as I said, I don't have an actual FTP server here that I can access at the moment. Um, just give it to fake, and obviously that would copy the file down if I had an FTP server that I could set up. But as I said, I don't have access, but that's just an example.
Um, another thing you can do actually, um, so once you have that file copied down, you can open it in Wireshark, they will run it through Wireshark with all the different filtering, et cetera. Um, another thing you can do if you don't have Wireshark, you don't want to use Wireshark, maybe. Um, this is a bit more, gives a bit more, it can be a bit harder to read, but it still works. You connect to your NX-OS again and it's just do ethanalyzer local interface management and let's just do detail.
And so it should allow me to limit captured frames. Oh no, it doesn't. Oh jeez. Let's just see if I can. The limit command comes up here. OK. She's very press. Let's do detail. Yes, that's how. You do your ethanalyzer local interface management limit captured frames detail, that outputs to the screen. I believe you can possibly do no more here as well to stop having to press more if you wish. So let's just try that. Yes. So it went down and captured 10 frames, output them to the screen. Of course, if you want to, you can, um, output that to a file. I'm using PuTTY here.
So I'll just change the PuTTY, um, logging commands to put it to a file. I'll just put it on this top here. Um, PC dot TXT. Well, let's run that command again. OK? And we should have our file here somewhere, to see it's captured everything. Um, not as nice to go through as if you've just kept it as a packet capture and opened it in Wireshark, but as I said, maybe that's not something that is available to you, but you can go through it this way also.
So yeah, that was just a quick overview. Um, as I said, we'll put these two article links in the video description. They go into a lot more detail and all the different, um, commands you can use, filtering the information you capture, et cetera. And to be honest, I often just don't filter the information I capture, I'll just do the normal capture like we did there and use Wireshark to do all my filtering through. Um, one example of what, where I found this tool quite useful is where we had a customer who was seeing a lot of failed logins showing up on the log files in the UCS.
Um, and I believe it changed in later versions of Nexus software that the IP of the device that had failed to log in doesn't appear anymore on the log files. You just get the time of a device that had a login failure. And we were trying to figure out what the device was. So we did run the analyzer on the, the management interface. Um, and we were able to track down the IP and discover where that, that, that problem might be.
And once we had the IP, we were able to, customer was able to determine where in his network it was, um, and tracked it down to a monitoring device, an old monitoring device that was still running. They had changed the login and using the change that you started using le et cetera, but they had forgotten about this management device. Um, and hadn't set up the correct configuration for this man. It wasn't needed anymore to manage the device, but they had forgotten to set up any of the configuration required for this management device to continue logging in on the new, um, conditions.
So that's one example of how I use the analyzer tool. Um, but like I said, these two articles, you'd have pretty much as much information as, as, as, as you can need to get started with, on all the different mentation of how you can run the tool. So that's it. I hope this video was helpful.
And thank you for watching.
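
Added example, not part of the video: the failed-login case described above comes down to listing which source IPs open connections to the management interface in the capture file. The sketch below does that offline with the Python standard library instead of Wireshark; the port list (22 and 443), the function names and the sample addresses are assumptions, and the capture is constructed inline rather than taken from a real device.

```python
import socket
import struct
from collections import Counter

def parse_pcap(data):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def connection_sources(data, ports=(22, 443)):
    """Count source IPs sending TCP SYNs to the given ports (assumed mgmt ports)."""
    hits = Counter()
    for frame in parse_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # not IPv4 over Ethernet
        tcp = 14 + (frame[14] & 0x0F) * 4       # start of the TCP header
        if frame[23] != 6 or len(frame) < tcp + 14:
            continue                            # not TCP, or truncated
        dport = struct.unpack_from("!H", frame, tcp + 2)[0]
        if dport in ports and (frame[tcp + 13] & 0x12) == 0x02:  # SYN without ACK
            hits[socket.inet_ntoa(frame[26:30])] += 1
    return hits

def build_syn(src, dst, dport):
    """Construct a minimal Ethernet/IPv4/TCP SYN frame for the sample capture."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic pcap container (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: one host retrying SSH, one single attempt, one unrelated flow.
SAMPLE = build_pcap([build_syn("192.0.2.50", "192.0.2.10", 22)] * 3
                    + [build_syn("192.0.2.77", "192.0.2.10", 22),
                       build_syn("192.0.2.88", "192.0.2.10", 80)])

for ip, count in connection_sources(SAMPLE).most_common():
    print(f"{ip}\t{count} connection attempts")
```

A SYN only shows who is connecting, not whether the login failed, so the counts still have to be matched against the timestamps of the failures in the device log.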