Skip to Content

Cisco Nexus Switches, with built-in Wireshark

Most of us out there have a copy of Wireshark on our PCs and laptops for troubleshooting problems as well as for learning and figuring out how protocols work. Well, what if you are troubleshooting a problem and you don't happen to have Wireshark installed? 

No problems if you are working on the Nexus 7000, wireshark is built in. Now, don't get too excited, it isn't like there is a built-in GUI (yet?). Cisco simply based their Cisco NX-OS Ethanalyzer on the command-line version of wireshark, also known as T-shark. The syntax is very similar to tcpdump in linux, here is an example:

NX7K# ethanalyzer local sniff-interface inband capture-filter "net 10.1.2.0/24 and port 80"

Also, in newer versions of IOS, you can capture traffic locally on the device then tftp it to your desktop to analyze it, very similar to what Pix's could do 10 years ago. Here's a link to a standard capture example

Your rating: None Average: 5 (1 vote)

Comments

CCDA Prep

Hi Jeremy,

Wanted to first say that you did a great job with the CBT Nuggets for ICND1 and 2. On another note, I trying to get prepped for the CCDA and needed to ask if you had any recommendation or suggestions on some study guides that I could use in the process of getting ready. I see that you don't have CBT nuggets for CCDA. Any help that you could give would be much appreciated, thanks

On-router packet capture

As much as I love Cisco, JunOS has had this feature for a very long time.

nexus EthAnalyzer

Just an FYI - this is only availble for data that passes through the control plane. Unlike other Cisco switches only control plane data passes through the Supervisors on the nexus as the FIB is stored on all modules similar to DCEF. The ethanalyzer feature can only capture control plane data. Handy?....I suppose...Have not had to use it as of yet though.



blog | by Dr. Radut