Wireshark · Ethereal-users: RE: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis

Ethereal-users: RE: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin (Sydney)" <Martin.Visser@xxxxxx>

Date: Thu, 20 Jun 2002 16:33:21 +1000

The only way in most Cisco networks to capture data suitable for import into ethereal is the using a NAM module, Network Analysis Module. This is basically a PC on a card that will slot into a Catalyst chassis, and it has RMON2 packet capture capability. (I believe it can save in NAI Sniffer format)

As this usually quite expensive, the normal alternative is to either insert a Ethernet repeater hub on the link you are interested in, or setup a SPAN monitor port on a Catalyst switch, and then capture traffic to an attached PC.

Of course if you can find a Cisco "debug xxx packet" command that produces a sufficiently verbose hex-dump you may be able to use the ethereal "text2pcap" utility to import the trace.

Martin Visser
Network Consultant - Global Services
COMPAQ, part of the new HP

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone (: +61-2-9022-1670 Mobile È: +61-411-254-513
Fax 7: +61-2-9022-1800 E-mail + : martin.visserAThp.com

-----Original Message-----
From: Albert Rodriguez [mailto:albert@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, 19 June 2002 3:43 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis

Hello everyone,

I am new to ethereal and am uncertain how to capture packets for analysis from a remote Cisco Network. I realise this is probably an elementary question, however, I have already spent several hooud researching to no avail.

I currently log into routers via telnet and view debugs (h323 mostly) through term mon. How can I save these files for viewing in ethereal? Can I cut and paste from HyperTerminal and save in a specific format and then open the file from ethereal? I also see mention of tethereal - will that allow me to capture debug information directly from my terminal session?

Your help will be greatly appreciated.

Thanks!

Albert

Follow-Ups:
- Re: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis
  - From: Joerg Mayer
- Re: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis
  - From: Marco van den Bovenkamp
- Re: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis
  - From: Guy Harris

Prev by Date: [Ethereal-users] Gdk-Error **: Palettized display (256-colour) mode not supported on Windows. aborting...
Next by Date: [Ethereal-users] Problem in putting tethereal to backroud job
Previous by thread: Re: [Ethereal-users] Documentation on Tethereal exit stati
Next by thread: Re: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$