There are some internal tools that can decode SPP packets at former, but they are not work now. In some scenario, customer coudln’t do span on our asr9k, so we only need SPP, then will face to how to decode SPP result.
The article disscuss how to covert SPP original data to text2pcap readable format, then decode by text2pcap. You only do the script that can auto work. Btw, before do that, you need have python2.7 and text2pcap (integrate in wireshark). If you have python3.0 or newer, that maybe have some issue, because some function have a bit different, you need adjust them by yourself.
之前讨论过在XR上,当我们遇到与本设备交互的TCP/UDP和RAW有问题时,可以用下面方法抓下来,然后分析《How to decode TCP, UDP and RAW for IOS-XR》。在76/65上,可以用Netdr,ELAM,CPU span,PB capture,那在咱们的ASR9k上是否有类似好用的工具?答案当然是肯定的,在咱们ASR9k上有两个方法可以抓punt到CPU的包:
在4.3.1以后,XR支持NP Monitor
详细的可以看下面文章: https://supportforums.cisco.com/docs/DOC-29010
这里要注意的是:Note that a captured packet will be DROPPED!
所以一定要注意在选择monitor的counter时,要选择真正的drop counter,而不要把正常的counter给monitor了,那样数据转发就会受影响了。暂时没有测试环境,没法贴出详细测试步骤,文档写的很清楚,详细看上面的文档。