Configuring Wireshark - Cisco Catalyst 4500 Series Configuration Manual

Release IOS XE 3.3.0SG and IOS 15.1(1)SG

Chapter 56

Configuring Wireshark

There are four classification results for input and output classification. In the input direction, they are ordered role-based, security, QoS, and forwarding override (FO). In the output direction, they are ordered forwarding override, role-based, security, and QoS.

On the input side, the Wireshark capture feature is placed in the forwarding override result type, prioritized above the other FO features (such as multicast local source capture, PBR, and ingress WCCP). Wireshark therefore captures packets before any redirection by PBR or WCCP. Because security ACLs are applied ahead of FO-related features, packets that are dropped by security ACLs are not captured by Wireshark.

On the output side, the Wireshark capture feature is placed in the forwarding override result type, prioritized below the other FO features (such as egress WCCP). Wireshark captures packets only if the other egress FO features do not apply.

- Redirection features—In the input direction, traffic redirected by Layer 3 features (such as PBR and WCCP) is logically later than Layer 3 Wireshark attachment points. Wireshark captures these packets even though they might later be redirected out another Layer 3 interface. Symmetrically, traffic redirected by Layer 3 output features (such as egress WCCP) is logically prior to Layer 3 Wireshark attachment points, and Wireshark does not capture it.
- Classification copy features—Features that generate copies of packets from the role-based and security lookup types are compatible with Wireshark. Multiple copies of these packets are generated.
- SPAN—Wireshark and SPAN sources are compatible. You can configure an interface as a SPAN source and as a Wireshark attachment point simultaneously. Configuring a SPAN destination port as a Wireshark attachment point is not supported.

Configuring Wireshark

The CLI for configuring Wireshark requires that the feature be executed only from EXEC mode. Actions that usually occur in configuration submode (such as defining capture points) are handled in EXEC mode instead. None of the key commands are NVGEN'd, and they are not synchronized to the standby supervisor in NSF and SSO scenarios.

The following sections describe how to configure Wireshark:

- Default Wireshark Configuration
- Wireshark Configuration Guidelines
- Defining, Modifying, or Deleting a Capture Point
- Activating and Deactivating a Capture Point

Default Wireshark Configuration

Table 56-1 shows the default Wireshark configuration.

Table 56-1 Default Wireshark Configuration

Feature          Default Setting
Duration         No limit
Packets          No limit
Packet-length    No limit (full packet)

OL-25340-01
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Configuring Wireshark
56-7
