Packet — Capture On Nexus 9k

ethanalyzer is a built-in tool based on Wireshark/TShark. It captures control-plane traffic and, with limitations, data-plane traffic.

In ACI mode, use:

Capturing packets on a Cisco Nexus 9000 requires different tools depending on whether you are troubleshooting control plane traffic (traffic to/from the switch itself) or data plane traffic (traffic passing through the switch). The primary methods include for control plane analysis, SPAN/ERSPAN for data plane monitoring, and ELAM for deep hardware-level tracing. Control Plane Capture: Ethanalyzer packet capture on nexus 9k

control plane traffic—packets like OSPF, BGP, or SSH that are destined for the switch's CPU. It is essentially a CLI version of Wireshark built into NX-OS. Key Use: Troubleshooting why a routing adjacency won't form or why you can't ping the management IP. Limitation: It cannot natively see "hardware-switched" data plane traffic that just passes through from one port to another. 2. Data Plane Capture: SPAN & ERSPAN To see user data passing through the switch, you must replicate that traffic to another location. SPAN (Local): Mirrors traffic from a source port to a destination port where you have a laptop or sniffer connected. ERSPAN (Remote): Encapsulates the mirrored traffic in a GRE header and sends it across the network to a remote IP address. SPAN-to-CPU: A powerful hybrid on Nexus 9000 Cloud Scale ASICs. You can SPAN data plane traffic to the switch's own internal supervisor ( sup-eth0 ethanalyzer is a built-in tool based on Wireshark/TShark