Which two actions can you take to allow the greatest number of pertinent packets to be stored in
the temporary buffer of Cisco IOS Embedded Packet Capture? (Choose two.)
A.
Specify the sampling interval.
B.
Specify the capture buffer type.
C.
Specify a reflexive ACL.
D.
Specify the minimum packet capture rate.
E.
Specify the packet size.
F.
Store the capture simultaneously onto an external memory card as the capture occurs.
Embedded Packet Capture (EPC) provides an embedded systems management facility that helps
in tracing and troubleshooting packets. This feature allows network administrators to capture data
packets flowing through, to, and from a Cisco device. The network administrator may define the
capture buffer size and type (circular, or linear) and the maximum number of bytes of each packet
to capture. The packet capture rate can be throttled using further administrative controls. For
example, options allow for filtering the packets to be captured using an Access Control List and,
optionally, further defined by specifying a maximum packet capture rate or by specifying a
sampling interval.
Reference. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epcxe-3s-asr1000-book/nm-packet-capture-xe.html
Sampling interval has nothing to do with the _maximum_ number of packets to be stored in the buffer. So, option E looks better than option A.
The goal is to have MAX number of RELEVANT PACKETS in buffer.
(B) Changing the buffer type doesn’t improve neither MAX number nor making sure they are relevant.
(A) “Spreads” out the capturing, would improve the relevant aspect. Sounds correct to me.
(E) Would increase the max number of packets the buffer can hold. Sound correct to me.
B is correct:
R1#monitor capture buffer EPC-BUFFER-1 size 512 max-size 1024 circular
R1#sh monitor capture buffer all parameters
Capture buffer EPC-BUFFER-1 (circular buffer)
Buffer Size : 524288 bytes, Max Element Size : 1024 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
That may be the end of this post. Here youll locate some internet sites that we believe you will enjoy, just click the hyperlinks.
One of our guests lately proposed the following website.
Here are some links to internet sites that we link to simply because we believe they are worth visiting.
very couple of sites that take place to be comprehensive beneath, from our point of view are undoubtedly effectively worth checking out
Here is a great Weblog You may Locate Fascinating that we Encourage You
here are some hyperlinks to web sites that we link to for the reason that we assume they are really worth visiting
very few web sites that occur to be detailed beneath, from our point of view are undoubtedly effectively really worth checking out
below you will locate the link to some sites that we consider you ought to visit
please go to the web sites we adhere to, like this 1, because it represents our picks from the web
The info mentioned within the post are a few of the very best out there
Every after in a while we pick blogs that we study. Listed beneath are the most recent sites that we decide on
check below, are some completely unrelated websites to ours, nonetheless, they’re most trustworthy sources that we use
check beneath, are some completely unrelated web-sites to ours, having said that, they’re most trustworthy sources that we use
although web sites we backlink to below are considerably not related to ours, we feel they’re basically really worth a go through, so have a look
always a significant fan of linking to bloggers that I like but dont get quite a bit of link like from
Personally I like B and E …
E for sure can increase the number of interesting packets if we are for example tracking DNS or probe packets of a max length length …
B is not really increasing the number of interesting packets, but I thing that the guy writing the question based on that … A circular buffer can increase your chance of grab interesting packets, for example if you are waiting to capture something after a specific event.
I think that the guy writing the question based it on the following text:
http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html
Basic EPC Configuration
Define a ‘capture buffer’, which is a temporary buffer that the captured packets are stored within. There are various options that can be selected when the buffer is defined; such as size, maxium packet size, and circular/linear:
monitor capture buffer BUF size 2048 max-size 1518 linear
we prefer to honor many other world-wide-web sites on the net, even though they arent linked to us, by linking to them. Underneath are some webpages worth checking out