Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1)SV1(5.1)

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1)SV1(5.1)

Chapter Title

Ethanalyzer

PDF - Complete Book (6.9 MB) PDF - This Chapter (86.0 KB)
View with Adobe Reader on a variety of devices

Results

Updated:: December 7, 2013

Chapter: Ethanalyzer

Using Ethanalyzer

Ethanalyzer

This chapter describes how to use Ethanalyzer as a Cisco NX-OS protocol analyzer tool.

This chapter includes the following section:

•Using Ethanalyzer

Using Ethanalyzer

Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark that captures and decodes packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.

To configure Ethanalyzer, use one or more of the following commands:

Table 26-1 Ethanalyzer Commands Used for Configuring
Command	Purpose
switch# ethanalyzer local sniff-interface interface	Captures packets sent or received by the supervisor and provides detailed protocol information. Note For all commands in this table, interface is control, ha-primary, ha-secondary, inband (packet interface) or mgmt (management interface).
switch# ethanalyzer local sniff-interface interface detailed-dissection	Displays detailed protocol information
switch# ethanalyzer local sniff-interface interface limit-captured-frames	Limits the number of frames to capture.
switch# ethanalyzer local sniff-interface interface limit-frame-size	Limits the length of the frame to capture.
switch# ethanalyzer local sniff-interface interface capture-filter	Filters the types of packets to capture.
switch# ethanalyzer local sniff-interface interface display-filter	Filters the types of captured packets to display.
switch# ethanalyzer local sniff-interface interface dump-pkt	Dump the packet in HEX/ASCII with possibly one line summary
switch# ethanalyzer local sniff-interface interface write	Saves the captured data to a file.
switch# ethanalyzer local read file	Opens a captured data file and analyzes it.

Ethanalyzer does not capture data traffic that Cisco NX-OS forwards in the hardware. Ethanalyzer uses the same capture filter syntax as tcpdump. For more information, see the following URL:

http://www.tcpdump.org/tcpdump_man.html

For information about the syntax of the display filter, see the following URL:

http://wiki.wireshark.org/DisplayFilters

This example shows captured data (limited to four packets) on the management interface:

switch# ethanalyzer local sniff-interface mgmt limit-captured-frames 4

Capturing on eth1

2012-10-01 19:15:23.794943 10.78.110.241 -> 72.163.145.51 SSH Encrypted response packet 
len=64

2012-10-01 19:15:23.796142 10.78.110.241 -> 72.163.145.51 SSH Encrypted response packet 
len=144

2012-10-01 19:15:23.796608 10.78.110.241 -> 72.163.145.51 SSH Encrypted response packet 
len=144

2012-10-01 19:15:23.797060 10.78.110.241 -> 72.163.145.51 SSH Encrypted response packet 
len=144

4 packets captured

switch#

For more information about Wireshark, see the following URL: http://www.wireshark.org/docs/

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)