RE: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis

["Visser, Martin (Sydney)" <Martin.Visser@xxxxxx>]

The only way in most Cisco networks to capture data suitable for import into ethereal is the using a NAM module, Network Analysis Module. This is basically a PC on a card that will slot into a Catalyst chassis, and it has RMON2 packet capture capability. (I believe it can save in NAI Sniffer format)

 

As this usually quite expensive, the normal alternative is to either insert a Ethernet repeater hub on the link you are interested in, or setup a SPAN monitor port on a Catalyst switch, and then capture traffic to an attached PC.

 

Of course if you can find a Cisco "debug xxx packet" command that produces a sufficiently verbose hex-dump you may be able to use the ethereal "text2pcap" utility to import the trace.

Martin Visser
Network Consultant - Global Services
COMPAQ, part of the new HP

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone (: +61-2-9022-1670    Mobile È: +61-411-254-513
   Fax 7: +61-2-9022-1800     E-mail + : martin.visserAThp.com

-----Original Message-----
From: Albert Rodriguez [mailto:albert@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, 19 June 2002 3:43 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis

Hello everyone,

 

I am new to ethereal and am uncertain how to capture packets for analysis from a remote Cisco Network. I realise this is probably an elementary question, however, I have already spent several hooud researching to no avail.

 

I currently log into routers via telnet and view debugs (h323 mostly) through term mon. How can I save these files for viewing in ethereal? Can I cut and paste from HyperTerminal and save in a specific format and then open the file from ethereal? I also see mention of tethereal - will that allow me to capture debug information directly from my terminal session?

 

Your help will be greatly appreciated.

 

Thanks!

Albert