Cisco Cisco Prime Infrastructure 3.0 White Paper

 

 

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 

Page 55 of 63 

Figure 76.    Packet Capture Session 

 

There are times when you want to capture packets based on a trigger. There is no way to anticipate the time of the 

trigger. For example, if you are trying to meet the SLA for AvgRespTime for an application, you may want to start 

the packet capture if the response time exceeds the predefined time. You can easily achieve this by combining 

threshold and packet capture in Cisco Prime Infrastructure. Navigate to

 

 

By clicking on threshold template, you can create a new instance from it. In 

order to change any of them, simply select that row and edit the threshold as shown in Figure 77. You can see that 

we have chosen to alert and start capturing SharePoint traffic if the AvgRespTime exceeds the default value. 

Figure 77.    Automate Packet Capture 

 

Once the packets are captured, there are two options to decode them. The easiest way is to select the packet 

capture session and click Decode from the Packet Capture homepage (Monitor > Tools > Packet Capture). The 

capture decode is shown in a pop-up window, which makes it extremely easy to evaluate each and every packet. 

You could also click Export and the .pcap file will be downloaded directly on the client PC. This is useful if you 

need to perform advance troubleshooting on the capture decode. There is a dimmed Merge button between the 

Decode button and the Export button, which can be used to merge the .pcap files if more than one file is selected. 

TIP: If the capture file is not very large (that is, not on the order of GB), it makes sense to decode it in Cisco Prime 

Infrastructure instead of jumping over to the NAM. Otherwise, you should use NAM instead of Cisco Prime 

Infrastructure for decoding very large capture files.