Based on the other postings, it looks like I need to test this on another platform. I may have omitted to mention this earlier, but IP Traffic Export is not mentioned in Cisco's Feature Navigator for this code release on the 7200. It's possible that this feature was compiled in but never tested and perhaps not supported.
I've opened up a case with TAC and we'll see how that goes. At the same time, I'm going to try to see if I can find a 3600/3800 from another company, a box that does specifically support IP Traffic Export. I could also load a 12.3 line of code that does officially support that feature on the 7200 and see if it acts any differently/better. Regards, Frank -----Original Message----- From: Bill Meier [mailto:[EMAIL PROTECTED] Sent: Saturday, March 01, 2008 2:18 PM To: Community support list for Wireshark Cc: [EMAIL PROTECTED] Subject: Re: [Wireshark-users] Decoding packets from a Cisco's "ip traffic-export" flow Frank Bulk wrote: > Thanks! Did you use bittwiste with the '-D' option to remove the first 24 > bytes? Actually: I did it the hard way using Wireshark export, an editor and then text2pcap. :) (It's only the first 12 bytes that need to be removed). > > The "from" in your modified capture is properly decoded as the Sony laptop > I'm using (00:01:4a:9e:0e:06), but the destination (08:00:b6:53:00:08) seems > to be some kind of variation off of the MAC address of the 7200VXR's > FastEthernet interface (0030.b653.0008) that Sony laptop is connected to. > Perhaps it's the MAC address of loopback interface I have defined for the > Virtual-Template? > > In any case, is there an option in Wireshark to ignore the first 'x' bytes, > or, is it possible for someone to write a dissector that handles the IP > Traffic Export format, perhaps making it optional in the "Frame" section in > the same way that "Treat all frames as DOCSIS frames"? > 1. AFAIK there's no option to ignore the first x bytes. 2. It's certainly possible add some code to be able to process this type of capture. That being said, as you've suggested one would want to know more as to whether this is a standard Cisco format for 'IP Traffic Export' and so on. I'm not familiar with this Cisco functionality so I'll leave the decision as to the best way to proceed to those who are. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users