How to capture CPU traffic from a 200-Series switch to a remote PC

Objective
How to set up remote capture mode to redirect captured CPU packets to a Windows PC running Wireshark
Environment
  • 200-Series switches
  • All firmware versions
  • Remote CPU packet capture
  • Wireshark on Windows
Procedure
Start the Remote Packet Capture protocol on the switch before Wireshark connects to it
 
(Extreme 220) >enable
Password:***********

(Extreme 220) #capture start
(Extreme 220) #configure
(Extreme 220) (Config)#capture remote port 2002
(Extreme 220) (Config)#show capture

Operational Status............................. Enabled
Current Capturing Type......................... Remote
Capturing Traffic Mode......................... Tx/Rx
Line Wrap Mode................................. Disabled
RPCAP Listening Port........................... 2002
RPCAP dump file size (KB)...................... 512

(Extreme 220) (Config)#
(Extreme 220) (Config)#exit
(Extreme 220) #

Set up Wireshark PC
 
  • Capture > Options...
  • Manage Interfaces
  • Remote Interfaces tab
  • Add the IP address of the switch and the TCP port configured for remote capture (default 2002)
  • Apply

Start the capture

Stop capture
 
(Extreme 220) (Config)#
(Extreme 220) (Config)#exit

(Extreme 220) #capture stop
(Extreme 220) #



 
Additional notes
With remote capture mode, the switch does not store any captured data locally on its file system.
The default port number for connecting to Wireshark is 2002.
If there is a firewall between the Wireshark PC and the switch, the configured port must be allowed through the firewall.
The Wireshark PC receives the packets and displays them until the capture is terminated from either end.
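
A preflight check for the procedure and the firewall note above, added here as an example and not taken from the original article or from the vendor: it parses pasted `show capture` output, confirms the switch is in remote capture mode, and tests that the RPCAP TCP port is reachable from the Wireshark PC. The function names and the embedded sample text are constructed for illustration.

```python
import re
import socket

# Constructed sample: the `show capture` output shown in the procedure above.
SAMPLE_SHOW_CAPTURE = """\
Operational Status............................. Enabled
Current Capturing Type......................... Remote
Capturing Traffic Mode......................... Tx/Rx
Line Wrap Mode................................. Disabled
RPCAP Listening Port........................... 2002
RPCAP dump file size (KB)...................... 512
"""

# "Label....... value": a label, a run of dots, whitespace, then the value.
_FIELD = re.compile(r"^(?P<key>.+?)\.{2,}\s+(?P<value>\S.*?)\s*$")


def parse_show_capture(text):
    """Return the dotted 'label.... value' lines of `show capture` as a dict."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("value")
    return fields


def remote_capture_problems(fields):
    """List reasons the switch is not ready for a Wireshark remote capture."""
    problems = []
    if fields.get("Operational Status") != "Enabled":
        problems.append("capture is not started (Operational Status)")
    if fields.get("Current Capturing Type") != "Remote":
        problems.append("capturing type is not Remote")
    if not fields.get("RPCAP Listening Port", "").isdigit():
        problems.append("no RPCAP listening port reported")
    return problems


def rpcap_port_reachable(host, port, timeout=3.0):
    """True if a TCP connection to the switch's RPCAP port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `rpcap_port_reachable` from the Wireshark PC with the IP address of the switch; if `remote_capture_problems` returns an empty list but the port is not reachable, check for a firewall in the path.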
