MX Packet Capture?

Here to help

I need to do a packet capture for voice traffic from a couple VoIP phones from site A to site B. Only one of the sites has a PRI for outgoing calls so all the traffic for branch offices goes over WAN. The internal extension dialing has been hit/miss so I want to do a packet capture on the MX64 as well as site B MX64. Is it as simple as configuring a packet filter for host 1.2.3.4 at each site to capture that traffic?

3 REPLIES
Kind of a big deal

Re: MX Packet Capture?

I would pull the whole pcap, drop it into Wireshark, and perform your filtering there. Sometimes you'll get funky results when you try to filter using the dashboard.

Kind of a big deal

Re: MX Packet Capture?

Yes.

Meraki Employee

Re: MX Packet Capture?

You can always filter the traffic with the following rules. Please note that the maximum packet capture duration is 432000 seconds; the capture will stop after 60 seconds, or when 5000 packets have been captured.

host 10.20.30.40
    packets to and from IP address 10.20.30.40

host 10.20.30.40 and port 80
    packets to and from IP address 10.20.30.40 and TCP or UDP port 53 (DNS)

icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
    all ICMP packets that are not echo requests/replies (i.e., not ping packets)

ether host 11:22:33:44:55:66
    packets to and from Ethernet host 11:22:33:44:55:66

It is always preferred to run the packet capture without the dashboard filters and use a Wireshark filter when we want to check inside header values (i.e. caller and calling station ID in RADIUS packets).
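The replies above suggest pulling the whole capture and filtering offline. The following is an added example, not part of the thread and not Meraki code: it applies the equivalent of `host 10.20.30.40 and udp` to a downloaded capture and counts packets per directed flow, which goes a step beyond the filters listed above. It assumes a classic little-endian pcap with Ethernet framing; the peer address, ports and sample frames are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def read_pcap(data):
    """Yield raw frames from a classic little-endian, microsecond pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def udp_flows(data, host):
    """Offline equivalent of 'host <ip> and udp': packets per directed flow."""
    flows = Counter()
    for frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17 or len(frame) < 14 + ihl + 8:  # 17 = UDP
            continue
        src, dst = (str(IPv4Address(frame[i:i + 4])) for i in (26, 30))
        if host in (src, dst):
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            flows[(src, sport, dst, dport)] += 1
    return flows

def _frame(src, dst, sport, dport, proto=17):
    """Constructed Ethernet/IPv4 frame with an 8-byte L4 header, zero checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_pcap():
    """Constructed capture: one phone, its peer, and unrelated traffic."""
    a, b = "10.20.30.40", "10.20.31.50"  # b is a made-up peer address
    frames = [_frame(a, b, 5060, 5060), _frame(a, b, 16384, 16386),
              _frame(a, b, 16384, 16386), _frame(b, a, 16386, 16384),
              _frame("10.9.9.9", b, 53, 53000),       # other host, excluded
              _frame(a, b, 40000, 80, proto=6)]       # TCP, excluded
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for flow, count in sorted(udp_flows(sample_pcap(), "10.20.30.40").items()):
        print(flow, count)
```

Running the same tally on the captures from both sites and comparing counts per flow shows which direction of a call is missing packets.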
