Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)
Send comments to nx5000-docfeedback@cisco.com
31-18
Nexus 5000 Series Switch Fabric Manager Software Configuration Guide
OL-16598-01
Chapter 31 Troubleshooting Your Fabric
Configuring a Fabric Analyzer
Remote Capture Daemon
This daemon is the server end of the remote capture component. The Wireshark analyzer running on a
host is the client end. They communicate with each other using the Remote Capture Protocol (RPCAP).
RPCAP uses two endpoints, a TCP-based control connection and a TCP or UDP-based data connection
based on TCP (default) or UDP. The control connection is used to remotely control the captures (start or
stop the capture, or specify capture filters). Remote capture can only be performed to explicitly
configured hosts. This technique prevents an unauthorized machine in the network from snooping on the
control traffic in the network.
RPCAP supports two setup connection modes based on firewall restrictions:
• Passive mode (default)—The configured host initiates connection to the switch. Multiple hosts can
be configured to be in passive mode and multiple hosts can be connected and receive remote captures
at the same time.
• Active mode—The switch initiates the connection to a configured host, one host at a time.
Using capture filters, you can limit the amount of traffic that is actually sent to the client. Capture filters
are specified at the client end on Wireshark, not on the switch.
GUI-Based Client
The Wireshark software runs on a host, such as a PC or workstation, and communicates with the remote
capture daemon. This software is available in the public domain from http://www.wireshark.org. The
Wireshark GUI front-end supports a rich interface such as a colored display, graphical help in defining
filters, and specific frame searches. These features are documented on Wireshark’s website.
While remote capture through Wireshark supports capturing and decoding Fibre Channel frames from a
Cisco Nexus 5000 Series switch, the host running Wireshark does not require a Fibre Channel
connection to the switch. The remote capture daemon running on the switch sends the captured frames
over the out-of-band Ethernet management port. This capability allows you to capture and decode Fibre
Channel frames from your desktop or laptop.
Configuring the Cisco Fabric Analyzer
You can configure the Cisco Fabric Analyzer to perform one of two captures:
• Local capture—A local capture cannot be saved to persistent storage or synchronized to standby. It
launches the textual version on the fabric analyzer directly on the console screen. The capture can
also be saved on the local file system.
• Remote capture—A remote capture can be saved to persistent storage. It can be synchronized to the
standby supervisor module and a stateless restart can be issued, if required.
To use the Cisco Fabric Analyzer feature, traffic should be flowing to or from the supervisor module.