Solved: Re: tcpdump doesn't work anymore in latest ISE ?

gnijs · ‎10-08-2013

ISE Version 1.2

Patch 1 & Patch 2 installed.

When i do a TCP dump in RAW format, Wireshark can't open the PCAP file ?? doh ??

Dump of file shows it is in Text form, even when i specify "Raw format".

Browser used: IE8

>cat TCPdump.pcap | more

10:34:40.435767 IP (tos 0x0, ttl 64, id 6848, offset 0, flags [DF], proto: TCP (6), length: 669) ise.https > xxxxxx.36152: P 22

91174308:2291174937(629) ack 2847270850 win 60

10:34:40.440341 IP (tos 0x0, ttl 64, id 37426, offset 0, flags [DF], proto: UDP (17), length: 71) ise.45102 > xxxxxxxm.

domain: 39538+ PTR? 65.66.100.10.in-addr.arpa. (43)

Anyone seen this also ?

Charlie Moreton · ‎10-08-2013

This is a known issue. Patch 2 actually "broke" this functionality. This is fixed in Patch 3

CSCuj51094 - Captured TCPDump file is not working on Patch-2 Alpha

120 patch 3 will be released towards end of this month.

If you open the "raw" file in notepad, it's actually the human readable format.

View solution in original post

Charlie Moreton · ‎10-08-2013

This is a known issue. Patch 2 actually "broke" this functionality. This is fixed in Patch 3

CSCuj51094 - Captured TCPDump file is not working on Patch-2 Alpha

120 patch 3 will be released towards end of this month.

If you open the "raw" file in notepad, it's actually the human readable format.

Seth Bjorn · ‎10-08-2013

Any way to obtain this patch before release? I need to examine the wireshark logs myself and with ise being a vmware appliance capturing the data without it's built in tcpdump is challanging.

Jatin Katyal · ‎10-08-2013

This is an internal defect so you may not be able to see the inside content. However, Patch 3 will be out in November.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

gnijs · ‎10-09-2013

Maybe uninstalling patch 2 will restore functionality if you really need to do captures ?