Ciscodump fails to start capture on Cisco IOS

Summary

Capturing live traffic using Cisco remote capture fails to start on Cisco IOS

My findings

Wireshark's ciscodump.c does not exit configuration mode after cleaning up the possible previous capture config, thus failing to set up the current capture.

Version 4.0.17 works fine, versions since 4.2.3 produce the error. Versions in between do not allow using SHA1 to connect via ssh so I could not check (IOS 15.7(3)M9 does not have SHA1)

Steps to reproduce

Use latest (4.4.8) Wireshark's Cisco remote capture to capture traffic from Cisco IOS

What is the current bug behavior?

Wireshark fails with the following message:

Received response: terminal length 0
                         ^
% Invalid input detected at '^' marker.

alaGW01(config)#
Error running ssh remote command

Some lines from Wireshark's debug:

 ** (ciscodump:13120) 11:59:24.769715 [ciscodump WARNING] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\extcap\ciscodump.c:1558 -- run_capture_ios(): Received response: terminal length 0
                         ^
% Invalid input detected at '^' marker.

alaGW01(config)#
 ** (ciscodump:13120) 11:59:24.769951 [ciscodump WARNING] C:\gitlab-builds\builds\MsQ3pox2\1\wireshark\wireshark\extcap\ciscodump.c:1684 -- run_capture_ios(): Error running ssh remote command

In interactive Cisco console it would be like this:

alaGW01(config)#terminal length 0
                         ^
% Invalid input detected at '^' marker.
alaGW01(config)#

But in fact terminal length 0 should be entered in EXEC mode (not configuration mode) like this:

alaGW01#terminal length 0
alaGW01#

To fix this issue, Wireshark should send the end command (exit from configuration mode) on finishing up the cleaning process.

What is the expected correct behavior?

Wireshark should be showing live captured packets

Build information

Version 4.4.8 (v4.4.8-0-g0d289c003bfb).

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.41, build 34123),
with GLib 2.80.0, with Qt 6.5.3, with libpcap, with zlib 1.3.1, with zlib-ng
2.1.5, with PCRE2, with Lua 5.4.6 (with UfW patches), with GnuTLS 3.8.4 and PKCS
#11 support, with Gcrypt 1.10.2-unknown, with Kerberos (MIT), with MaxMind, with
nghttp2 1.62.1, with nghttp3 0.14.0, with brotli, with LZ4, with Zstandard, with
Snappy, with libxml2 2.13.5, with libsmi 0.5.0, with Minizip-ng , with
QtMultimedia, with automatic updates using WinSparkle 0.8.0, with AirPcap, with
binary plugins.

Running on 64-bit Windows 11 (24H2), build 26100, with Intel(R) Core(TM) i5-7500
CPU @ 3.40GHz (with SSE4.2), with 16255 MB of physical memory, with GLib 2.80.0,
with Qt 6.5.3, with Npcap version 1.80, based on libpcap version 1.10.4, with
PCRE2 10.43 2024-02-16, with c-ares 1.27.0, with GnuTLS 3.8.4, with Gcrypt
1.10.2-unknown, with nghttp2 1.62.1, with nghttp3 0.14.0, with brotli 1.0.9,
with LZ4 1.9.4, with Zstandard 1.5.6, without AirPcap, with light display mode,
without HiDPI, with QPA plugin "windows", with LC_TYPE=English_United
States.utf8, binary plugins supported.
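
A prompt-based guard for the failure described in this issue, as an added example (not Wireshark's ciscodump.c code; the enum and function names are hypothetical): it classifies the CLI mode from the prompt on the last line of a device response and returns `end` when the session is still in configuration mode. It assumes the prompt shapes shown in the issue's output, `alaGW01#` and `alaGW01(config)#`, and treats a `>` prompt as EXEC as well.

```c
#include <stdio.h>
#include <string.h>

enum ios_mode { IOS_MODE_UNKNOWN, IOS_MODE_EXEC, IOS_MODE_CONFIG };

/* Classify the CLI mode from the prompt on the last line of a response. */
enum ios_mode ios_prompt_mode(const char *response)
{
    size_t len, start;

    if (response == NULL)
        return IOS_MODE_UNKNOWN;
    len = strlen(response);
    /* Ignore trailing whitespace and line endings after the prompt. */
    while (len > 0 && strchr(" \t\r\n", response[len - 1]) != NULL)
        len--;
    if (len == 0)
        return IOS_MODE_UNKNOWN;
    /* Find where the last line (the prompt line) begins. */
    start = len;
    while (start > 0 && response[start - 1] != '\n' && response[start - 1] != '\r')
        start--;
    if (response[len - 1] == '>')
        return IOS_MODE_EXEC;
    if (response[len - 1] != '#')
        return IOS_MODE_UNKNOWN;   /* no prompt seen; do not guess */
    /* "host(something)#" on the prompt line means a configuration (sub)mode. */
    if (len - start >= 4 && response[len - 2] == ')' &&
        memchr(response + start, '(', len - start - 2) != NULL)
        return IOS_MODE_CONFIG;
    return IOS_MODE_EXEC;
}

/* Command to send before "terminal length 0", or NULL if none is needed. */
const char *ios_cmd_before_exec_setup(enum ios_mode mode)
{
    return mode == IOS_MODE_CONFIG ? "end\n" : NULL;
}

int main(void)
{
    /* Response text as shown in the issue's debug output. */
    const char *resp = "terminal length 0\n                         ^\n"
                       "% Invalid input detected at '^' marker.\n\nalaGW01(config)#\n";
    const char *cmd = ios_cmd_before_exec_setup(ios_prompt_mode(resp));

    printf("send first: %s", cmd != NULL ? cmd : "(nothing)\n");
    return 0;
}
```
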