I want to forward TCPDump to Wireshark as described in https://eos.arista.com/forward-tcpdump-to-wireshark/; however, I think VRF is preventing packets from reaching the remote host that is running Wireshark.
To give some background, we have applied a VRF to the switch’s management port (m1). As a consequence, we have to use the VRF instance name when transferring files from the switch to a remote host as follows: “copy running-config tftp://host.abc.xzy/config.conf vrf MGT”. In the case of tcpdump-to-wireshark failing to work, my suspicion is that, from bash, tcpdump is prevented from forwarding packets to the remote host since there is no route to the remote host in the default VRF. In the following example from the article cited above, is there a way to forward tcpdump to Wireshark on a remote host via the management VRF, as with the above “copy” command example?
Forward-tcpdump-to-wireshark example (https://eos.arista.com/forward-tcpdump-to-wireshark/):
On the Arista switch
tcpdump -s 0 -U -n -w - -i <interface> | nc <computer-ip> <port>
netcat -l -p <port> | wireshark -k -S -i -