Thursday, November 14, 2019

Capture filter in Wireshark; remote mirror session from Aruba switch

I've configured one of our Aruba switches to forward inbound traffic to my desktop so I can capture it remotely in Wireshark. I followed this info.

I'm specifically interested in DHCP on UDP ports 67 and 68 but only at specific times - there is an issue with DHCP snooping that only happens randomly and infrequently throughout the day.

The transmission from the switch is wrapped up in UDP port 9999, but if I set up the capture filter in Wireshark to watch traffic only from the source switch IP and UDP ports 67 and 68 (ip src 192.168.xxx.xxx and udp portrange 67-68) I obviously see nothing, as it's all coming in on 9999.

Is there a way to filter what is captured, in this setup, or am I stuck with capturing all of it and then filtering on display?

I'd rather not have to capture all of it, continuously, all day because the problem I'm investigating happens intermittently and I have no idea when it's going to happen.

Many thanks
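One way to capture-filter on the inner ports is to index into the outer UDP payload with fixed byte offsets. The sketch below is an added example, not part of the original post. It assumes a 12-byte mirror header after the outer UDP header (confirm this in your own capture), untagged inner frames and an inner IPv4 header without options; 192.0.2.10 is a placeholder switch address.

```python
import struct

def offsets(encap_len):
    """Offsets from the start of the OUTER UDP header, as libpcap's udp[] counts them."""
    eth = 8 + encap_len      # mirrored Ethernet frame starts after UDP + mirror header
    ip = eth + 14            # inner IPv4 header (assumes no 802.1Q tag)
    l4 = ip + 20             # inner UDP header (assumes no IPv4 options)
    return eth, ip, l4

def inner_dhcp_filter(switch_ip, encap_port=9999, encap_len=12):
    """Build a capture filter that keeps only mirrored DHCP (inner UDP 67/68).

    encap_len is an ASSUMPTION; check where the inner frame begins in a
    sample capture and adjust it before relying on the filter.
    """
    eth, ip, l4 = offsets(encap_len)
    ports = " or ".join(f"udp[{l4 + o}:2] = {p}" for o in (0, 2) for p in (67, 68))
    return (f"src host {switch_ip} and udp port {encap_port} "
            f"and udp[{eth + 12}:2] = 0x0800 "   # inner EtherType is IPv4
            f"and udp[{ip + 9}] = 17 "           # inner IP protocol is UDP
            f"and ({ports})")

def matches(udp_datagram, encap_len=12):
    """Apply the same byte tests in Python, to sanity-check the offsets offline."""
    eth, ip, l4 = offsets(encap_len)
    if len(udp_datagram) < l4 + 4:
        return False
    (ethertype,) = struct.unpack_from("!H", udp_datagram, eth + 12)
    sport, dport = struct.unpack_from("!HH", udp_datagram, l4)
    return (ethertype == 0x0800 and udp_datagram[ip + 9] == 17
            and bool({sport, dport} & {67, 68}))

def sample(sport, dport, encap_len=12):
    """Constructed test datagram: outer UDP + zeroed mirror header + inner frame."""
    outer_udp = struct.pack("!HHHH", 40000, 9999, 0, 0)
    inner_eth = bytes(12) + struct.pack("!H", 0x0800)
    inner_ip = bytes([0x45]) + bytes(8) + bytes([17]) + bytes(10)
    inner_udp = struct.pack("!HHHH", sport, dport, 0, 0)
    return outer_udp + bytes(encap_len) + inner_eth + inner_ip + inner_udp

if __name__ == "__main__":
    print(inner_dhcp_filter("192.0.2.10"))
```

If the mirrored frames carry a VLAN tag or the inner IP header has options, the fixed offsets shift and the filter silently matches nothing, so test it against a short unfiltered capture first.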


