This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark cannot capture the network traffic of Cisco 2811 router

On Cisco 2811 router, I type the following configuration:

config t
ip traffic-export profile newprofile
  interface Fa0/1
  bidirectional
  mac-address {the MAC address of the PC with Wireshark installed}
  incoming sample one-in-every 2
  outgoing sample one-in-every 2
  exit
interface Fa0/0
  ip traffic-export
  apply newprofile

I open Wireshark on the PC and try to capture the network traffic of the 2811 router. I type the IP of the 2811 router as the "Remote" host IP and click "OK", but Wireshark claims that the 2811 router rejects the connection.

What else can I do for Wireshark to capture the network traffic of the 2811 router?

asked 04 May '11, 08:55

andresbag

edited 04 May '11, 09:13

SYN-bit ♦♦


One Answer:

The ip traffic-export functionality of the Cisco is not related to the remote capture functionality in Wireshark. For remote capture functionality, you will need a second system with WinPcap running and rpcapd running.

The Cisco ip traffic-export will send a copy of the selected traffic to the configured mac-address. If that mac-address is of the Wireshark PC and the Wireshark PC is directly connected to the listed interface, then you should be able to see the copied traffic.

answered 04 May '11, 09:16

SYN-bit ♦♦