
Typically when I need to do a packet capture on a remote Cisco IOS/IOS-XE device, I use RSPAN to mirror that traffic someplace where a VM can receive the capture. This week I learned a trick that allows much more flexibility!

ERSPAN is like RSPAN in that you can send mirrored traffic to other devices, but that “E” (which stands for encapsulated) makes a world of difference! ERSPAN encapsulates SPAN into GRE. GRE (generic routing encapsulation) is a common way to tunnel traffic across networks. It’s often paired up with IPSEC and used in VPN scenarios. Tunnel interfaces by default use GRE and simply require a source and destination address to start encapsulation.

Any destination IP address can be used with ERSPAN, so what happens if the destination address is where Wireshark is running on a computer? Wireshark sees the live capture! The packets are encapsulated in GRE, but Wireshark displays the information of the encapsulated traffic, so it’s not a problem. Here’s how it’s done:

How to Set Up the ERSPAN

These activities will show you how to use Wireshark to capture and filter network traffic using a display filter.

YouTube: Wireshark 101: Display Filters and Filter Options, HakTip 122

Activity 1 - Capture Network Traffic

Use ping 8.8.8.8 to ping an Internet host by IP address.

Activity 2 - Use a Display Filter

1. Type ip.addr == 8.8.8.8 in the Filter box and press Enter.
2. Observe that the Packet List Pane is now filtered so that only traffic to (destination) or from (source) IP address 8.8.8.8 is displayed.
3. Click Clear on the Filter toolbar to clear the display filter.
4. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.


Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis.
