Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
1
Replies

TCPdump with NAC

hillegas
Level 1
Level 1

‎03-19-2009 06:13 AM - edited ‎02-21-2020 03:21 AM

How can I use TCPdump with the CAS? When specifying a physical interface while using TCPdump, it only picks up broadcast traffic. For example tcpdump -vv -nn -i eth1. Is there special options to look at all traffic through the CAS in my L3 deployment. Do I need to use the fake interfaces?

0 Helpful
1 Reply 1

greg.washburn
Level 1
Level 1

‎03-19-2009 06:38 AM

I use eth0 and fake0 dumps together. 1 is the inbound and one seems to represent an outbound. It may also be that it represents the internal routing within the cas.

However, to me it was easier to get a real picture by spanning the switch ports connected to the cas off to a wireshark device. Then perform the capture on the wireshark device.

Keep in mind if you are spanning from a remote switch your capture will not include vlan tags so if possible consider spanning to a port on the same switch connected to the CAS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card