Studying packet captures is one of the best methods to learn the operation of protocols in any of the 7 network layers. It doesn’t matter if they were made in wireshark, tshark, tcpdump or any other program.
Thanks to the work of very good people we do not need to create the conditions ourselves and make these captures. There are several “capture banks” available for us to enjoy and learn from:
From very early in my networking career I have been fascinated by protocol details, packet captures and the features of my top 3 application troubleshooting tool: Wireshark.
Getting the captures on the endpoints (clients/servers) is relatively easy but things can get difficult when you want to capture traffic somewhere in between and is hard to do port mirroring (SPAN) on some remote switch.
Packet Capture Capabilities of Cisco Routers and Switches is an old video (4 years is old right?) posted on the Cisco Support Forums that highlights different methods to get on box packet captures in Wireshark .pcap format or in text output.
The video is an hour long but if you’re in a rush I made it easy for you by summarizing the video in an “easy to read” mind map. grouped by IOS, NX-OS and IOS XR. Continue reading