Re: How do I get Ethanalyzer to display the packets in the CLI?

bornack.envestnet · ‎10-12-2019

I'm not sure why, but I've always had trouble deciphering which commands to use to show the packets in the CLI as they pass through the switch, matching my filter.

Basically, I want to show packets that match my filter right there in the CLI.

Is this the correct usage?

ethanalyzer local interface inband display-filter ip.addr==1.2.3.4 limit-captured-frames 20

Capturing on inband
0 packets captured

I'm troubleshooting an issue, so I'm not sure if the packets aren't entering my switch, or if I have the filter wrong.

Not sure why I have trouble with this every time I try to use it.

Thanks in advance!

Andrea Testino · ‎10-15-2019

Hi there,

Ethanalyzer will show you control-plane packets (packets destined to the switch or originated from the switch) but it is not meant to be used for troubleshooting data-plane (traffic through the switch). I'm guessing you're attempting the latter which is why it is not capturing them.

Depending on the Nexus platform you are working with and its NX-OS version, you can temporarily configure a SUP SPAN (which essentially mirrors data plane traffic to the supervisor) to troubleshoot but definitely not recommended to leave this on long term.

What platform/NXOS are you running? I can check if supported and provide you with a sample configuration.

As far as how the capture/display filters work, it's essentially Wireshark if you're familiar with that. We do have a good starter guide here for Ethanalyzer as well.

Hope that helps!

- Andrea, CCIE #56739 R&S