Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
2
Replies

FWSM ASP Drop Captures

Antonio Knox
Level 7
Level 7

‎06-24-2013 08:53 AM - edited ‎03-11-2019 07:02 PM

Can anyone explain to me why it is that when I run a capture that I don't see any ip addresses in the capture output?  Here's what I'm seeing:

FWSM# sh cap dropcap

761 packets seen, 761 packets captured

   1: 11:26:45.370601 802.1Q vlan#322 P0 fe80::e5a9:75e9:3da:2187.546 > ff02::1:2.547:  udp 111 [hlim 1]

   2: 11:26:47.540041 802.1Q vlan#321 P0 fe80::5c3b:a488:b25f:76cf.546 > ff02::1:2.547:  udp 112 [hlim 1]

.......

Does the FWSM captures default to IPv6 or something?  I expect to see solicitations and such, but I know I'm dropping IPv4 packets as well, but I don't see any here.

Labels:
0 Helpful
2 Replies 2

Antonio Knox
Level 7
Level 7

‎06-26-2013 10:36 AM

Never mind.  Figured it out.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Antonio Knox

‎06-26-2013 10:04 PM

Hello Antonio,

Those addresses are from IPv6 (Link-local addresses communicating to a Multicast address)

Can you share to the community what you find out so people with the same query than you can learn from this,

Also mark the question as answered as you already figure it out

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card