How to: IOS Packet Capture

Here is a quick guide on how to do an IOS packet capture. In the example, I am using a Cisco 867VAE.

There is also a good article here from Cisco

1) Create a capture buffer. This is where the capture will be stored. Options include the buffer size (in KB), the maximum number of bytes stored per packet (max-size), and whether the buffer is linear (capture stops when it is full) or circular (it overwrites itself). e.g. the following defines a buffer called BUF.

Note: the monitor commands are entered in privileged EXEC mode, not configuration mode.

monitor capture buffer BUF size 2048 max-size 1518 linear

2) Define the traffic you want to capture using an access list (created in global configuration mode). e.g. the following matches traffic in both directions between two hosts, using an access list called BUF-FILTER

ip access-list extended BUF-FILTER
    permit ip host 192.168.1.1 host 172.16.1.1
    permit ip host 172.16.1.1 host 192.168.1.1

3) Apply the access list to the buffer

monitor capture buffer BUF filter access-list BUF-FILTER

4) Define where you want to capture the traffic. For example, the following defines the capture point called POINT, as IP traffic in both directions on FastEthernet 0.

monitor capture point ip cef POINT fastEthernet 0 both

5) Attach the buffer to the capture point

monitor capture point associate POINT BUF

6) Start and stop the capture to collect the necessary data.

monitor capture point start POINT
monitor capture point stop POINT

7) To see if the capture is running use the following commands:

show monitor capture buffer all parameters
show monitor capture point all

8) Examine the packet capture

show monitor capture buffer BUF dump

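9) Export the capture if required, or copy and paste the capture to an online decoder such as https://cway.cisco.com/tools/CaptureGenAndAnalyse/. For the export, the ip host and ip ftp lines are entered in global configuration mode, and the export command itself in privileged EXEC mode.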

ip host ftp-server <ip address>
ip ftp username ftp-user
ip ftp password ftp-password
monitor capture buffer BUF export ftp://ftp-server/BUF.pcap

10) After use, delete the capture buffer and capture point, and the ACL

no monitor capture point ip cef POINT fastEthernet 0 both
no monitor capture buffer BUF
no ip access-list extended BUF-FILTER
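If you would rather keep the capture contents off a third-party site, the dump text from step 8 can be turned into a pcap file locally and opened in Wireshark. The following Python is an added example, not part of the original post: the sample dump is constructed, and the layout it assumes (a timestamp header per packet, then rows of an address, a 35-column hex field and an ASCII column) should be checked against your own output. The names parse_dump, to_pcap and BUF-from-dump.pcap are hypothetical, timestamps are treated as UTC, and Ethernet framing is assumed.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed sample (not real router output); layout is an assumption:
# timestamp header, then "ADDR: " + 35-column hex field + ASCII column.
SAMPLE = '''
10:15:30.123 UTC Jan 5 2024 : IPv4 LES CEF    : Fa0 None
0F3A1C00: 00112233 44556677 8899AABB 08004500  .."3DUfw......E.
0F3A1C10: 001C0001 00004001 0C26C0A8 0101AC10  ......@..&......
0F3A1C20: 01010800 F7FF0000 0000               ..........
10:15:30.131 UTC Jan 5 2024 : IPv4 LES CEF    : Fa0 None
0F3A1D00: 66778899 AABB0011 22334455 08004500  fw......"3DU..E.
0F3A1D10: 001C0001 00004001 0C26AC10 0101C0A8  ......@..&......
0F3A1D20: 01010000 FFFF0000 0000               ..........
'''

HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) \S+ (\w{3} +\d+ \d{4}) : ")
HEXROW = re.compile(r"^[0-9A-Fa-f]{8}: (.{1,35})")

def parse_dump(text):
    """Return [(utc_datetime, frame_bytes), ...] from pasted dump text."""
    packets = []
    for line in text.splitlines():
        head, row = HEADER.match(line), HEXROW.match(line)
        if head:  # a timestamp line starts a new packet
            stamp = datetime.strptime(" ".join(head.groups()), "%H:%M:%S.%f %b %d %Y")
            packets.append((stamp.replace(tzinfo=timezone.utc), bytearray()))
        elif row and packets:
            digits = "".join(row.group(1).split())  # ASCII column lies past col 35
            if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
                packets[-1][1].extend(bytes.fromhex(digits))
    return [(ts, bytes(data)) for ts, data in packets if data]

def to_pcap(packets, linktype=1, snaplen=65535):
    """Serialize packets as a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for ts, frame in packets:
        out += struct.pack("<IIII", int(ts.timestamp()), ts.microsecond,
                           len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("BUF-from-dump.pcap", "wb") as fh:
        fh.write(to_pcap(parse_dump(SAMPLE)))
```

Rows whose hex field does not decode cleanly are skipped rather than guessed at, so compare the packet count and lengths against what the router reports before relying on the result.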

Author: Simon Chamberlain

An experienced Network Professional writing yet another blog