MX Packet Capture?

MattPainter
Here to help

MX Packet Capture?

I need to do a packet capture for voice traffic from a couple VpIP phones from site A to site B.  Only one of the sites has a PRI for outgoing calls so all the traffic for branch offices goes over WAN.  The internal extension dialing has been hit/miss so I want to do a packet capture on the MX64 as well as site B MX64.  Is it as simple as configuring a packet filter for host 1.2.3.4 at each site to capture that traffic? 

3 REPLIES 3
Nash
Kind of a big deal

I would pull the whole pcap, drop it into Wireshark, and perform your filtering there. Sometimes you'll get funky results when you try to filter using the dashboard.

PhilipDAth
Kind of a big deal

Yes.

Mayur_Gadhvi
Meraki Alumni (Retired)

You can always filter the traffic with the following rules, please note that the maximum packet capture duration is 432000 seconds, the capture will stop after 60 seconds, or when 5000 packets have been captured.

 

host 10.20.30.40
packets to and from ip address 10.20.30.40
host 10.20.30.40 and port 80
packets to and from ip address 10.20.30.40 and TCP or UDP port 53 (DNS)
icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
all ICMP packets that are not echo requests/replies (i.e., not ping packets):
ether host 11:22:33:44:55:66
packets to and from ethernet host 11:22:33:44:55:66

 

It is always preferred to run the packet capture without the dashboard filters and use Wireshark filter when we want to check inside header values (i.e. caller and calling station id in radius packets) 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels