Re: Wireshark ProCurve ERSPAN Support

[Tim Durack <tdurack () gmail com>]

On Wed, Jan 13, 2010 at 11:37 AM, Bill Meier <wmeier () newsguy com> wrote:
> Let me see if I understand your request:
>
> 1. By "remote packet capture"  I expect you mean the use of the "remote
> traffic mirroring" capability as described in the ProCurve "Management
> and Configuration Guide". Is this correct ?

Yes.

> 2. It sounds like you want to capture/decode the ProCurve remote traffic
> mirroring frames being sent on the network as opposed to using Wireshark
> to capture the mirrored traffic on the "exit port" of a "remote switch".

Correct.

> A question: (I'm kinda new to this stuff). What is gained by capturing
> the encapsulated traffic as opposed to just capturing the traffic on the
> "exit port" ?

I can direct the ERSPAN traffic at a remote monitoring station, and
perform the capture/analysis right there. Wireshark understands Cisco
ERSPAN, which allows me to capture and decode the encapsulated capture
directly.

> In any case, a starting point would be to post a small capture
> containing the encapsulated remote capture packets.

That I can do.

> I suggest opening a enhancement request on bugs.wireshark.org and
> attaching the capture file to to the request.

Thanks for the suggestion, will do so.

Tim:>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe