These below commands allow anyone to live stream the packet info to wireshark application on their Mac without having to capture on their device and then copy to mac...
To send tcpdump directly to wireshark:
ssh root@mt701 "tcpdump -s 0 -Un -w - -i vlan100" | wireshark -k -i -
The above command will:
- Tcpdump on the Arista EOS device mt701
- Capture packets of vlan100 (change to your desired interface)
- Pipe the output to Wireshark application on your Mac/Desktop
Tcpdump on a different VRF-"dhcpvrf"
ssh root@mc327 "ip netns exec ns-dhcpvrf tcpdump -i vlan10 port 67 or port 68 " | wireshark -k -i -
Tcpdump on a different VRF-"dhcpvrf"
ssh root@mc327 "ip netns exec ns-dhcpvrf tcpdump -i vlan10 port 67 or port 68 " | wireshark -k -i -
The main command telling the VRF info is: "ip netns exec ns-dhcpvrf tcpdump -i vlan2 port 67 or port 68"
The above command will:
- Tcpdump on the Arista EOS device mc327
- Capture packets on VRF "dhcpvrf" (change name to your desired vrf name)
- Capture packets of vlan2 (change to your desired interface)
- Capture packets on Port 67 or Port 68 only
- Pipe the output to Wireshark application on your Mac/Desktop
Great post, please keep on sharing amazing article like this! It makes me happy reading your post. Arista Networks SDCN solutions give complete control to the network and system administrator to enjoy best-in class software and networking foundation for scaling business needs. Visit us on Bradford Networks Houston
ReplyDelete