Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

tcpdump doesn't work anymore in latest ISE ?

ISE Version 1.2

Patch 1 & Patch 2 installed.

When i do a TCP dump in RAW format, Wireshark can't open the PCAP file ?? doh ??

Dump of file shows it is in Text form, even when i specify "Raw format".

Browser used: IE8

>cat TCPdump.pcap | more

10:34:40.435767 IP (tos 0x0, ttl  64, id 6848, offset 0, flags [DF], proto: TCP (6), length: 669) ise.https > xxxxxx.36152: P 22

91174308:2291174937(629) ack 2847270850 win 60

10:34:40.440341 IP (tos 0x0, ttl  64, id 37426, offset 0, flags [DF], proto: UDP (17), length: 71) ise.45102 > xxxxxxxm.

domain:  39538+ PTR? 65.66.100.10.in-addr.arpa. (43)

Anyone seen this also ?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: tcpdump doesn't work anymore in latest ISE ?

This is a known issue.  Patch 2 actually "broke" this functionality.  This is fixed in Patch 3

CSCuj51094 - Captured TCPDump file is not working on Patch-2 Alpha

120 patch 3 will be released towards end of this month.

If you open the "raw" file in notepad, it's actually the human readable format.

4 REPLIES
Cisco Employee

Re: tcpdump doesn't work anymore in latest ISE ?

This is a known issue.  Patch 2 actually "broke" this functionality.  This is fixed in Patch 3

CSCuj51094 - Captured TCPDump file is not working on Patch-2 Alpha

120 patch 3 will be released towards end of this month.

If you open the "raw" file in notepad, it's actually the human readable format.

New Member

tcpdump doesn't work anymore in latest ISE ?

Any way to obtain this patch before release? I need to examine the wireshark logs myself and with ise being a vmware appliance capturing the data without it's built in tcpdump is challanging.

Cisco Employee

tcpdump doesn't work anymore in latest ISE ?

This is an internal defect so you may not be able to see the inside content. However, Patch 3 will be out in November.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Bronze

tcpdump doesn't work anymore in latest ISE ?

Maybe uninstalling patch 2 will restore functionality if you really need to do captures ?

499
Views
9
Helpful
4
Replies