0x333a3930 is either "3:90" or "09:3", which is, indeed, not the first four bytes of a pcap or pcapng file. I suspect it's "09:3", as it appears, from the other messages, that you were doing this at about 09:38.

I.e. the command

plink.exe -ssh -l testuser -pw Arista@1234 192.168.0.14 "tcpdump interface Ethernet52/1"

appears not to be writing a pcap file to its standard output, so Wireshark is not seeing a pcap file on its standard input, and is reporting the appropriate error.

This Arista Community article on troubleshooting EOS devices seems to show a tcpdump with a non-standard user interface, so that tcpdump interface XXX, rather than the standard tcpdump -i XXX, is the way to capture on an interface named "XXX". I guess they tweaked it to have a non-UNIXy command syntax, perhaps because other native commands have a non-UNIXy command syntax (perhaps because that's the way Cisco went ages ago).

It also shows the command tcpdump interface Management1 filter ether proto 0x88cc printing decoded packets to the standard output rather than writing a pcap file to the standard output, which will not work at all in the scenario you describe, and will produce the symptoms you see, because it'll be printing out packet timestamps.

If you want to forward tcpdump output to Wireshark, see the Arista Community article "Forward TCPDump to Wireshark". It appears that, if you run tcpdump from Bash, it behaves more like a standard tcpdump, and can be told to write a pcap file to its standard output (-w -).
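
The check the answer does by hand, written out as an added example that is not part of the original answer: it reads a reported 32-bit magic value in both byte orders as ASCII and classifies the first four bytes of a piped stream as pcap, pcapng, or plain text. The function names and the sample tcpdump line are constructed for illustration.

```python
import struct

# First four bytes of the capture formats Wireshark accepts on standard input.
CAPTURE_MAGICS = {
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond timestamps)",
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond timestamps)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond timestamps)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond timestamps)",
    b"\x0a\x0d\x0d\x0a": "pcapng (Section Header Block)",
}

# Constructed sample: one line of decoded tcpdump text output, not real data.
SAMPLE_TEXT_OUTPUT = b"09:38:12.123456 LLDP, length 100\n"


def magic_as_text(value):
    """Return the big-endian and little-endian ASCII readings of a magic value."""
    big = struct.pack(">I", value)
    little = struct.pack("<I", value)
    return big.decode("ascii", "replace"), little.decode("ascii", "replace")


def classify_stream_start(data):
    """Describe what the first four bytes of a piped stream look like."""
    head = data[:4]
    if len(head) < 4:
        return "too short to identify"
    if head in CAPTURE_MAGICS:
        return CAPTURE_MAGICS[head]
    if all(0x20 <= b < 0x7F for b in head):
        # Printable ASCII means the remote command is printing decoded
        # packets (or an error message), not writing a capture file.
        return "text, not a capture file: starts with %r" % head.decode("ascii")
    return "unknown binary data"


if __name__ == "__main__":
    print(magic_as_text(0x333A3930))
    print(classify_stream_start(SAMPLE_TEXT_OUTPUT))
    print(classify_stream_start(b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00"))
```

Running the same check on the first bytes a remote command emits, before piping it into Wireshark, shows immediately whether it is producing a capture file or decoded text.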