Packet capture on Route10

If it’s helpful for anyone, once you set up SSH to your Route10 you can use tcpdump and export it directly to Wireshark on your laptop or other client.

This works from MacOS X, but should work equally well on Windows using a similar CLI with plink (see “Howto – Remote tcpdump capture with Wireshark on Windows – Random notes of a SysAdmin” as an example).

From your laptop, run the following command (substitute your IP, obv):

ssh -n -T root@192.168.1.1 "tcpdump -i br-lan -U -s0 -w - ether host aabbccddeeff" | /Applications/Wireshark.app/Contents/MacOS/Wireshark -k -i -

br-lan = inside interface

ether host aabbccddeeff = MAC address of a host (I prefer this over simply “host 192.168.1.10” if you’re IPv4/6 dual-stacked, as it is easily obtained in the dashboard).

3 Likes
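A wrapper around the pipeline in the post above, as an added example that is not part of the original post: it validates the interface and MAC before they are placed in the remote command string, and goes one step further than the post by excluding the SSH session itself from the capture. The function names and the `WIRESHARK` variable are hypothetical; the default Wireshark path is the macOS one from the post.

```shell
#!/usr/bin/env bash
# Added example; helper names are hypothetical, not from the original post.

# normalize_mac MAC: accept aabbccddeeff, aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff
# and print aa:bb:cc:dd:ee:ff in lower case; return 1 for anything else.
normalize_mac() {
    local raw
    raw=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':-')
    case "$raw" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#raw}" -eq 12 ] || return 1
    printf '%s\n' "$raw" | sed 's/../&:/g; s/:$//'
}

# build_filter MAC [SSH_PORT]: BPF expression for one host's frames, minus the
# SSH session carrying the capture. Without the exclusion, capturing the laptop
# that runs this command records its own capture stream in a loop.
# Trade-off: the host's SSH traffic on that port to other peers is dropped too.
build_filter() {
    local mac port="${2:-22}"
    mac=$(normalize_mac "$1") || return 1
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'ether host %s and not tcp port %s\n' "$mac" "$port"
}

# remote_capture ROUTER IFACE MAC: stream packets from the router into Wireshark.
remote_capture() {
    local router="$1" iface="$2" filter
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    filter=$(build_filter "$3") || { echo "bad MAC: $3" >&2; return 1; }
    # Only validated values are interpolated into the remote shell command.
    ssh -n -T "root@$router" "tcpdump -i $iface -U -s0 -w - '$filter'" |
        "${WIRESHARK:-/Applications/Wireshark.app/Contents/MacOS/Wireshark}" -k -i -
}

# Usage (same values as the post): remote_capture 192.168.1.1 br-lan aabbccddeeff
```

The stream contains every unencrypted payload the host sends or receives, so treat any saved capture file as sensitive.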

Thanks! I’ve had an occasion or two where I thought a packet capture could come in handy. I’ll have to try this out and see if it makes the process a little simpler to get off the ground :smiley:

1 Like
