• State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 25 subscribers
  • Views 323 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Remote Packet Capture Using Cisco IOS w/ Conversion to .pcap

dhardy

I'm purposely put a .txt extension on these files for upload, and have not included any executables... the executable being a compiled form of the perl script, that runs independently of requirements to run perl. I just don't know if executables are allowed here.

 I am going to include an archive "Rawpcap-withExecutables.zip" just in case that is allowed. You'll be able to extract the "Capture" folder from there, place it in c:\, and it'll work.

 I'll explain how to make it work from scratch.

Here I have include a perl script called "dump.pl.txt", a batch file called "Dump2PCAP.bat.txt", "Folder.txt" and several commands that help when collecting the debug logs from the router.

dump.pl - I compiled this with 'TinyPerl' so the whole setup can easily be shared and run on other PCs. You see this in the batch file called RAW2TEXT.exe. Which again I haven't included here since I don't know the rules on uploading executables. If it is ok to do so, I will upload in the future if requested... but you can make the same thing with TinyPerl

Folder.txt - I just included this to show how the folder structure and files are laid out with the batch file. You see dump.txt in the root of the folders. That is the actually debug logs copied from the router via TFTP. Placing that raw content there and running Dump2PCAP out puts Capture.pcap in the root, which is then ready to be opened with Wireshark.

Dump2PCAP.bat - Just an example of how I automated the process.

Commands.txt - Commands to include so you don't end up killing the router. Shows insure you have a clean log, and how to TFTP it to your computer.

You'll have to grab text2pcap.exe from the root of your wireshark directory. It's in there.

*NOTE: Sometimes the entire packet won't get logged, and get recorded in the middle somewhere. When this happens the perl script won't notice, but when you go to convert to .pcap you will see some packets not getting written. Those are corrupt captures at the beginning and the end of the capture.

If it ends up being ok to just zip all of it, including executables I'll just do that to make it easier setup.

Rawpcap.zip

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.