Hi everybody
I was toying around with Wireshark when I noticed the remote packet capture option. I googled it and found that we have to load the remote packet capture protocol on the target node.
Here is my scenario.
We have Cisco networks, routers and switches, and we want to capture the packets entering a specific router port. How do we do that using Wireshark?
Do we have to download the above-mentioned program on the router? How do we do that?
The only thing I know is to use IOS to configure routers. But do we load the remote packet capture protocol so we can remotely capture packets entering a specific router interface?
>> do we have to download the above mentioned program on the router? how do we do that,?
No, this is not possible: as IOS is a closed system, we cannot install a program over it.
There are some options explained by Alain.
The typical use we do is:
we put a PC running Wireshark connected to the destination port of a SPAN session configured on a switch, or its variants (RSPAN and ERSPAN).
Hope to help
To use Wireshark on a network in its simplest form, you configure a SPAN port at the local switch.
The command for this on, e.g., a 3750 would be something like this:
monitor session (session number, e.g. 1) source interface (and add the interface you would want to listen to, e.g. gig1/0/1)
and then you set up the port you want your Wireshark to be connected to:
monitor session (same as session above) destination interface (and add the interface you want to send the traffic out on, e.g. gig1/0/2)
A tip: if you are to use a monitor port on a switch, set an empty RJ45 connection in the destination switchport if you leave it configured, so that you or someone else does not use it by mistake.
The monitor port cannot send data out to the switch anymore, but it will receive all that the source port sees and sends.
Then there are several other ways of using, e.g., packet capture in the ASA and then exporting it and looking at it in Wireshark.
You can set up a place where you can have a Wireshark computer set up and you can monitor any port in the network.
This can be done through the use of RSPAN.
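An added example, not part of the original posts: a Python check that reads a switch configuration and lists every SPAN/RSPAN session built from the monitor session commands described above, so that a monitor port left configured is easy to spot. The sample configuration is constructed; session 1 uses the interfaces from the post, while sessions 2 and 3, RSPAN VLAN 900 and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config, not from a real device. Session 1 uses the
# interfaces from the post; sessions 2 and 3 and RSPAN VLAN 900 are made up.
SAMPLE_CONFIG = """\
hostname sw-example
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2
monitor session 2 source interface Gi1/0/5 rx
monitor session 2 destination remote vlan 900
monitor session 3 destination interface Gi1/0/9
"""

# Handles single-interface and "remote vlan" lines only (no ranges, no source vlan).
LINE_RE = re.compile(
    r"^\s*monitor session (\d+) (source|destination) "
    r"(interface|remote vlan) (\S+)(?: (rx|tx|both))?", re.IGNORECASE)

def parse_monitor_sessions(config):
    """Return {session number: {"source": [...], "destination": [...]}}."""
    sessions = defaultdict(lambda: {"source": [], "destination": []})
    for line in config.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a monitor session line
        num, role, kind, target, direction = m.groups()
        entry = f"{kind.lower()} {target}"
        if role.lower() == "source":
            # With no keyword, both directions of the source port are mirrored.
            entry += f" ({(direction or 'both').lower()})"
        sessions[int(num)][role.lower()].append(entry)
    return dict(sessions)

def audit(config):
    """One finding per session: what is mirrored where, or what is missing."""
    findings = []
    for num, s in sorted(parse_monitor_sessions(config).items()):
        src, dst = ", ".join(s["source"]), ", ".join(s["destination"])
        if not src:
            findings.append(f"session {num}: {dst} is a destination with no source")
        elif not dst:
            findings.append(f"session {num}: {src} has no destination")
        else:
            findings.append(f"session {num}: {src} mirrored to {dst}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it against a saved copy of the running configuration; any session you did not expect, or a destination with no source, is worth checking on the switch.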
On switches you use SPAN or RSPAN, and on routers you can use RITE or EPC.
Here are the links: