Forum Discussion
aspindler34_133
Nimbostratus
NimbostratusWireshark Plugin for F5 diagnostics
I am attempting to install the wireshark plugin on my windows machine. Is there anyway in wireshark to verify that it is working? During a pcap from an F5 appliance where are the fields located that are produced from doing a :nnn in the tcp dump?
thanks
gsharriAltostratus
What does your tcpdump command look like? Be sure you include -s 0 (zero) in the tcpdump command. It's required for the extra detail levels.
You should see an "F5 ethernet trailer" when viewing the capture in Wireshark.
aspindler34_133gotcha i should have specified that i am using that F5thtrailer plugin. ill give it a shot, thanks.
- aspindler34_133
I still don't see anything in my packet capture that looks F5 related.
cmd: tcpdump -s0 -pni INSIDE:nnn host IP host
where is the "Ethernet Trailer" specifically in the capture? i don't see anything in the info column or the details pane.
- aspindler34_133
i do have this in the ethernet portion which I didn't notice before. I am not sure its relevant.
Trailer: 01050101000000021c010000570000e088000000570000e0...
- aspindler34_133
I think I'll have to wait. After doing a bit of research, it would appear that my version of wireshark on windows does not play nice with this plugin. (wireshark version 1.12.3)
Thanks for all the help your screen cap is exactly what I wanted to see.
- gsharri
Good to know. The most recent version of the F5 plugin is for WS 1.12.1 and in your experience it doesn't work on WS 1.12.3, correct?
- aspindler34_133
correct.