Wireshark Configuration Guidelines - Cisco Catalyst 4500 Series Configuration Manual

Configuring Wireshark
Table 56-1
Feature
File size
Ring file storage
Buffer storage mode

Wireshark Configuration Guidelines

When configuring Wireshark, ensure the following:
•
•
•
Defining, Modifying, or Deleting a Capture Point
Although listed in sequence, the steps to specify values for the options can be executed in any order. You
can also specify them in one, two, or several lines. Except for attachment points, which can be multiple,
you can replace any value with a more recent value by respecifying the same option, in the following
order:
Step 1 Define the name that identifies the capture point.
Step 2 Specify the attachment point with which the capture point is associated.
Multiple attachment points can be specified. Range support is also available both for adding and
removing attachment points.
Step 3 Define the core system filter, defined either explicitly, through ACL or through a class map.
Step 4 Specify the session limit (in seconds or packets captured).
Specify the packet segment length to be retained by Wireshark.
Step 5
Specify the file association, if the capture point intends to capture packets rather than merely display
Step 6
them.
Specify the size of the memory buffer used by Wireshark to handle traffic bursts.
Step 7
To filter the capture point, use the following commands:
Command
[no] monitor capture mycap match {any | mac
mac-match-string | ipv4 ipv4-match-string | ipv6
ipv6-match-string}
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
56-8
Default Wireshark Configuration
Traffic is active on the interfaces the Wireshark policy is applied on.
Filter rules match the traffic.
Mandatory parameters are configured.
Default Setting
No limit
No
Linear
Purpose
Defines an explicitly in-line core filter.
To remove the filter, use the no form of this command.
Chapter 56 Configuring Wireshark
OL-25340-01