05-18-2021 01:00 PM
Hello,
today I played around with the built-in packet capture of EXOS ( How To: How to perform a local packet capture on an EXOS switch | Extreme Portal (force.com) )
I’m able to capture packets and open the pcap file with wireshark, but I only see the following packets:
Wondering if I’m doing something wrong or if the feature is something else than I’m thinking. Any hints?
Best regards
Stefan
Solved! Go to Solution.
05-18-2021 03:54 PM
Hi,
You can use the editcap tool to remove the first 52 bytes. Mine looked something like below from Powershell:
PS C:\Program Files\Wireshark> .\editcap.exe -C 52 editcap.pcap newpcap.pcap
syntax below:
PS C:\Program Files\Wireshark> .\editcap.exe -C 52 <original pcap filename> <new pcap filename>Below is more on editcap:
https://www.wireshark.org/docs/man-pages/editcap.html
Before:
After:
Thanks,
Chris Thompson
03-16-2026 10:31 AM - edited 03-16-2026 10:31 AM
from what you’re describing, it doesn’t sound like you’re doing anything wrong—it’s more about how the EXOS packet capture feature actually works under the hood. Flixtor The built-in capture on EXOS switches is fairly limited compared to something like a full span/mirror session feeding into Wireshark.
In many cases, EXOS captures are restricted to CPU-bound traffic (control plane) rather than full data plane forwarding. That means you’ll mostly see things like ARP, LLDP, STP, or other management/control packets, which would explain why your capture looks “incomplete” or not what you expected.
05-18-2021 01:17 PM
Hi Chris,
thanks for your quick reply! I’m on 30.7.1.1-patch1-86. Switch is an X460-G2. I’m just doing some testing of this feature and don’t want to capture any specific traffic for now. But we might need this feature in the near future. (Troubleshooting at a customers site)
Best regards
Stefan
05-18-2021 01:05 PM
Are you on 30.x or newer? IIRC some bytes need to be stripped to be read properly if so.
Generally it’s used for troubleshooting and debugging:
Be Aware!
Debug commands are primarily meant for trouble shooting purposes and are NOT part of any EXOS validation tests (regression).
The usage of any debug command can result in unexpected side-effects (like memory depletion, high CPU, process failures).Is there a certain type of traffic you are trying to capture?
Thanks,
Chris Thompson