Ethereal

Re: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: June 2002

 

Visser, Martin (Sydney) wrote:

> Of course if you can find a Cisco "debug xxx packet" command that
> produces a sufficiently verbose hex-dump you may be able to use the
> ethereal "text2pcap" utility to import the trace.

Try 'debug ip packet dump' (undocumented, sadly), and the following Perl script:

--------------- Cut here -----------------------

#!/usr/bin/perl

# Convert Cisco dump file format to something text2pcap can read.
# Author: Hamish Moffatt <hamish@xxxxxxxxxxxx>.
# License: GPL (see www.gnu.org).

sub dumppkt () {
    for ($i = 0; $i < scalar(@pkt); $i++) {
        if ($i % 16 == 0) {
            printf "\n%08X", $i;
        }

        printf " %02X", $pkt[$i];
    }

}

while(<>) {
    chomp;

    unless (m/[0-9A-F]{8}:/) {
        $new_pkt = 1;
        dumppkt;
        undef @pkt;
        next;
    }

    # Strip the offsets and ASCII dump
    $hex = substr $_, 10, 35;

    # Remove all spaces
    $hex =~ s/ //g;

    # Convert hex bytes on this line
    while ((length $hex) > 0) {
        push @pkt, hex (substr $hex, 0, 2, "");
    }

}

dumppkt;
print "\n";

--------------- Cut here ------------------

			Regards,

					Marco.



Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.