exporting to wireshark

hi all

 

could you please tell me what command you use on the router to export traffic to wireshark ?

 

thanks,

Comments

  • sorry for bumping an old thread but i have some issues when i do monitor capture from the VIRL IOS image (Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.5(2)T, RELEASE SOFTWARE (fc1)

    I'm running it in WMware Workstation since it uses less RAM than VIRL and when do a capture, it appears in wireshark with [packet size limited during capture: [protocol] truncated]. I've looked about it and i didn't find any option in vmware that would fix this. Anyone else had this issue?

  • sorry for bumping an old thread but i have some issues when i do monitor capture from the VIRL IOS image (Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.5(2)T, RELEASE SOFTWARE (fc1)

    I'm running it in WMware Workstation since it uses less RAM than VIRL and when do a capture, it appears in wireshark with [packet size limited during capture: [protocol] truncated]. I've looked about it and i didn't find any option in vmware that would fix this. Anyone else had this issue?

  • sorry for bumping an old thread but i have some issues when i do monitor capture from the VIRL IOS image (Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.5(2)T, RELEASE SOFTWARE (fc1)

    I'm running it in WMware Workstation since it uses less RAM than VIRL and when do a capture, it appears in wireshark with [packet size limited during capture: [protocol] truncated]. I've looked about it and i didn't find any option in vmware that would fix this. Anyone else had this issue?

  • Exactly. I did not created a VM inside Workstation to use it as a wireshark box, instead I'm exporting to my laptop on that runs the VMworkstation

    Send from Mobile Phone

    On 29 Apr 2015 06:44, "Martinl" <[email protected]> wrote:

    initial post must be approved by admin and any replies must be 5 minutes apart (spamming filter).  Stick out tongue

    so, you have captured and exported traffic to workstation; now when u open pcap in Wireshark, u see that message?




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
  • but i'm not running inside VIRL, i run it in my VMware Worksation that runs in Win7. Inside VMware i creaded the virtual routers. When i export pcap to tftp server that is my Win7 machine, i get those truncated messages and don't know what can cause this. I believe it's a virtualisation issue but dunno how to fix it.

  • I did the same thing with CSR1000v and it seems that wireshark sees the packets correctly now without truncating them. So i guess it has something to do with how IOSv captures the packets

Sign In or Register to comment.