
EXOS Packet Capture

Stefan_K_
Valued Contributor

Hello,

Today I played around with the built-in packet capture of EXOS (How To: How to perform a local packet capture on an EXOS switch | Extreme Portal (force.com)).

I’m able to capture packets and open the pcap file with Wireshark, but I only see the following packets:

[Screenshot]

Wondering if I’m doing something wrong or if the feature is something other than what I’m thinking. Any hints?

Best regards
Stefan

1 ACCEPTED SOLUTION

CThompsonEXOS
Extreme Employee

Hi,

You can use the editcap tool to remove the first 52 bytes. Mine looked something like below from PowerShell:

PS C:\Program Files\Wireshark> .\editcap.exe -C 52 editcap.pcap newpcap.pcap

Syntax below:
PS C:\Program Files\Wireshark> .\editcap.exe -C 52 <original pcap filename> <new pcap filename>

Below is more on editcap:

https://www.wireshark.org/docs/man-pages/editcap.html

Before:

[Screenshot]

After:

[Screenshot]

Thanks,

Chris Thompson
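
What removing the first 52 bytes does to the capture file, as an added Python example that is not part of the original post or of Extreme's tooling: it rewrites every record of a classic pcap file with the leading bytes dropped and the length fields reduced. The sample capture, its filler bytes and the function names are constructed for illustration; pcapng input is not handled.

```python
import struct

# Classic pcap magic numbers as they appear on disk -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def chop_front(pcap: bytes, chop: int = 52) -> bytes:
    """Return a copy of a classic pcap file with `chop` bytes cut from the start of each packet."""
    endian = PCAP_MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    out = bytearray(pcap[:24])  # 24-byte global header is copied unchanged
    pos = 24
    while pos < len(pcap):
        if pos + 16 > len(pcap):
            raise ValueError("truncated record header")
        ts_sec, ts_frac, caplen, origlen = struct.unpack_from(endian + "IIII", pcap, pos)
        data = pcap[pos + 16 : pos + 16 + caplen]
        if len(data) != caplen:
            raise ValueError("truncated packet data")
        pos += 16 + caplen
        if caplen <= chop:
            continue  # choice made in this sketch: drop records with nothing left
        payload = data[chop:]
        # Both the captured and the original length fields are reduced here.
        out += struct.pack(endian + "IIII", ts_sec, ts_frac, len(payload), max(origlen - chop, len(payload)))
        out += payload
    return bytes(out)

def sample_capture() -> bytes:
    """Constructed input: 52 filler bytes in front of a minimal Ethernet frame, plus a 10-byte runt."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46  # 60 bytes
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkt = b"\xee" * 52 + frame  # 0xee filler is made up; the thread does not say what the bytes contain
    record = struct.pack("<IIII", 1, 0, len(pkt), len(pkt)) + pkt
    runt = struct.pack("<IIII", 2, 0, 10, 10) + b"\xee" * 10
    return header + record + runt

if __name__ == "__main__":
    cleaned = chop_front(sample_capture())
    print(len(cleaned), cleaned[40:54].hex())  # Ethernet header now starts the packet
```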


5 REPLIES

CThompsonEXOS
Extreme Employee

Are you on 30.x or newer? IIRC some bytes need to be stripped to be read properly if so.

Generally it’s used for troubleshooting and debugging:

Be Aware!
Debug commands are primarily meant for troubleshooting purposes and are NOT part of any EXOS validation tests (regression).
The usage of any debug command can result in unexpected side-effects (like memory depletion, high CPU, process failures).

Is there a certain type of traffic you are trying to capture?

Thanks,

Chris Thompson
