On Wed, Jan 13, 2010 at 11:37 AM, Bill Meier <[email protected]> wrote: > Let me see if I understand your request: > > 1. By "remote packet capture" I expect you mean the use of the "remote > traffic mirroring" capability as described in the ProCurve "Management > and Configuration Guide". Is this correct ?
Yes. > 2. It sounds like you want to capture/decode the ProCurve remote traffic > mirroring frames being sent on the network as opposed to using Wireshark > to capture the mirrored traffic on the "exit port" of a "remote switch". Correct. > A question: (I'm kinda new to this stuff). What is gained by capturing > the encapsulated traffic as opposed to just capturing the traffic on the > "exit port" ? I can direct the ERSPAN traffic at a remote monitoring station, and perform the capture/analysis right there. Wireshark understands Cisco ERSPAN, which allows me to capture and decode the encapsulated capture directly. > In any case, a starting point would be to post a small capture > containing the encapsulated remote capture packets. That I can do. > I suggest opening a enhancement request on bugs.wireshark.org and > attaching the capture file to to the request. Thanks for the suggestion, will do so. Tim:> ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
