today I played around with the built-in packet capture of EXOS ( How To: How to perform a local packet capture on an EXOS switch | Extreme Portal (force.com) )
I’m able to capture packets and open the pcap file with wireshark, but I only see the following packets:
Wondering if I’m doing something wrong or if the feature is something else than I’m thinking. Any hints?
Best answer by Christopher Thompson
You can use the editcap tool to remove the first 52 bytes. Mine looked something like below from Powershell:
PS C:\Program Files\Wireshark> .\editcap.exe -C 52 editcap.pcap newpcap.pcap
PS C:\Program Files\Wireshark> .\editcap.exe -C 52 <original pcap filename> <new pcap filename>
Below is more on editcap: