Administrator Guide
Layer 2 Switching Commands 650
Remote capture can be enabled or disabled using the CLI. The network
operator should obtain a computer with the Wireshark tool to display the
captured traffic. When using remote capture mode, the switch doesn’t store
any captured data locally.
The local TCP port number can be configured for connecting Wireshark to
the switch. The default port number is 2002. If a firewall is installed between
the Wireshark PC and the switch, traffic to this port must be allowed to pass
through the firewall. The firewall must be configured to allow the Wireshark
PC to initiate a TCP connection to the switch.
The remote capture application listens on the configured TCP port for a
connection request. Wireshark must send a request to that port to establish a
connection. Once the socket connection to Wireshark has been established,
captured CPU packets are written to the data socket. Wireshark receives the
packets and processes them locally. This continues until the session is
terminated by either end.
The following Wireshark request packets are supported:
• Request to list all the remote interfaces
• Request to open a remote device
• Request to start a capture on a remote device
• Request to close the connection with the remote peer
• Message that keeps the authentication parameters
• Request to get network statistics
• Request to stop the current capture, keeping the device open
The following Wireshark replies are supported:
• Reply that sends the list of all the remote interfaces
• Reply that the remote device has been opened correctly
• Reply that capturing has started correctly
• Reply that says 'ok, authorization successful'
• Reply that keeps network statistics
• Reply that confirms capturing stopped successfully
Remote capture is not supported for packets received via out-of-band ports.
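The request and reply lists above can be checked against a recorded control session. The following is an added example, not code from this guide or the switch vendor: it assumes the switch uses libpcap's rpcap wire format (8-byte header, type codes from rpcap-protocol.h), which the guide does not name, and it flags any message type outside the guide's lists. The function names and the sample stream are constructed for illustration.

```python
import struct

# Assumption: the switch speaks libpcap's rpcap wire format (8-byte header,
# type codes from rpcap-protocol.h). The guide does not name the protocol.
HEADER = struct.Struct("!BBHI")  # version, type, value, payload length
REPLY_FLAG = 0x80                # a reply carries the request code with this bit set
REQUESTS = {                     # requests the guide lists as supported
    0x02: "list remote interfaces",
    0x03: "open remote device",
    0x04: "start capture",
    0x06: "close connection",
    0x08: "authentication parameters",
    0x09: "get network statistics",
    0x0A: "stop capture, keep device open",
}
# Replies the guide lists: every request above except close, which has none.
REPLIES = {c | REPLY_FLAG: "reply to: " + n for c, n in REQUESTS.items() if c != 0x06}

def parse_messages(stream: bytes) -> list:
    """Walk a reassembled TCP byte stream and return one record per message."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            records.append({"offset": offset, "error": "truncated header"})
            break
        version, mtype, _value, plen = HEADER.unpack_from(stream, offset)
        name = REQUESTS.get(mtype) or REPLIES.get(mtype)
        record = {"offset": offset, "version": version, "type": mtype,
                  "name": name or "not in the guide's list",
                  "listed": name is not None, "payload_len": plen}
        end = offset + HEADER.size + plen
        if end > len(stream):  # length field points past the captured data
            record["error"] = "truncated payload"
        records.append(record)
        if "error" in record:
            break
        offset = end
    return records

def _msg(mtype: int, payload: bytes = b"") -> bytes:
    return HEADER.pack(0, mtype, 0, len(payload)) + payload

# Constructed sample stream: auth request and reply, interface list request,
# an update-filter request (0x05, absent from the guide), a cut-off start request.
SAMPLE = (_msg(0x08, bytes(8)) + _msg(0x88) + _msg(0x02)
          + _msg(0x05, bytes(4)) + _msg(0x04, bytes(12))[:-5])

if __name__ == "__main__":
    for rec in parse_messages(SAMPLE):
        print(rec)
```

Records with `listed` set to false mark message types the guide does not list as supported, which is worth reviewing when auditing who connects to the capture port.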