1.3.c Interpret packet capture

1.3.c [i] Using Wireshark trace analyzer

Beginning with Cisco IOS Release XE 3.3.0SG, the Catalyst 4500 series switch supports Wireshark, a packet analyzer program, also known as Ethereal, which supports multiple protocols and presents information in a text-based user interface. The key concepts around IOS XE based Wireshark are:

● Capture points (a capture point is the central policy definition of the Wireshark feature)

● Attachment points (refers to interfaces and traffic directions)

● Filters (filters are attributes of a capture point that identify and limit the subset of traffic traveling through the attachment point of a capture point, which is copied and passed to Wireshark)

● Actions

● Storing captured packets to memory buffers
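The concepts above map onto the `monitor capture` exec commands as follows. This is an added example, not part of the original notes; the capture point name `mycap`, the interface `GigabitEthernet 3/1`, and the limit and buffer values are assumptions chosen for illustration.

```cisco
! Capture point "mycap" with its attachment point:
! interface Gi3/1, ingress direction only
Switch# monitor capture mycap interface GigabitEthernet 3/1 in

! Core filter: copy only IPv4 traffic to Wireshark
Switch# monitor capture mycap match ipv4 any any

! Bound the session so it stops on its own (60 seconds or 100 packets)
Switch# monitor capture mycap limit duration 60 packets 100

! Action: store captured packets in a 1 MB memory buffer
Switch# monitor capture mycap buffer size 1

! Review the capture point definition before starting
Switch# show monitor capture mycap parameter

! Start the capture, stop it, then read the stored packets
Switch# monitor capture mycap start
Switch# monitor capture mycap stop
Switch# show monitor capture mycap buffer brief

! Remove the capture point when finished
Switch# no monitor capture mycap
```

A narrow filter and an explicit limit keep the copied traffic small, which matters because packets that match the capture point are copied to the switch CPU for processing.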


