08-09-2012 11:41 AM
We are troubleshooting some issues with secure device provisioning and we do not have remote FTP or TFTP over the public internet with our problem sites. We are using embedded packet capture to capture the traffic on the router and on the WAN interface. We are unable to export normally without FTP or TFTP and are left with doing a hex dump on the router using the following command.
sho monitor capture buffer <buffer name> dump
This provides output that we are logging using the PuTTY log feature.
The big question is: can we convert the hex output to a file that Wireshark can read?
Example of the output.
17:54:34.102 UTC Aug 9 2012 : IPv4 LES CEF : Fa0/1 None
47E12ED0: 001B0CC2 ACA97444 01AD68F1 ...B,)tD.-hq
47E12EE0: 08004520 0058DAF4 40003006 FCCDA750 ..E .XZt@.0.|M'P
47E12EF0: F6C1451D 8F8ECEBD 00168656 9BD474B3 vAE...N=...V.Tt3
47E12F00: 63F15018 F710ABA0 00006753 32B229D0 cqP.w.+ ..gS22)P
47E12F10: 99C5AA42 460C6CEE AA4B9302 F449D891 .E*BF.ln*K..tIX.
47E12F20: E7B0E389 61E9846E 57BBDC4F 32C5E6CE g0c.ai.nW;\O2EfN
47E12F30: DE448226 C3E8815C 66A4D2 ^D.&Ch.\f$R
17:54:34.102 UTC Aug 9 2012 : IPv4 Process : Fa0/1 None
47E12ED0: 001B0CC2 ACA97444 01AD68F1 ...B,)tD.-hq
47E12EE0: 08004520 0058DAF4 40003006 FCCDA750 ..E .XZt@.0.|M'P
47E12EF0: F6C1451D 8F8ECEBD 00168656 9BD474B3 vAE...N=...V.Tt3
47E12F00: 63F15018 F710ABA0 00006753 32B229D0 cqP.w.+ ..gS22)P
47E12F10: 99C5AA42 460C6CEE AA4B9302 F449D891 .E*BF.ln*K..tIX.
47E12F20: E7B0E389 61E9846E 57BBDC4F 32C5E6CE g0c.ai.nW;\O2EfN
47E12F30: DE448226 C3E8815C 66A4D2 ^D.&Ch.\f$R
08-13-2012 03:03 AM
You might have to do some pre-processing first, but text2pcap should be able to do what you want. Check the man pages for details.
http://www.wireshark.org/docs/man-pages/text2pcap.html
Matthew
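The pre-processing mentioned in this reply can be scripted. The following is an added example, not part of the original thread: it goes one step further than text2pcap input and writes a classic pcap file directly from the logged dump text. It assumes Ethernet framing (pcap link type 1), a router clock in UTC, and the row layout shown in the question; the function names and the output file name are this example's own.

```python
import calendar
import re
import struct
from datetime import datetime

# First packet of the dump posted in the question, as it appears in the PuTTY log.
SAMPLE = r"""17:54:34.102 UTC Aug 9 2012 : IPv4 LES CEF : Fa0/1 None
47E12ED0: 001B0CC2 ACA97444 01AD68F1 ...B,)tD.-hq
47E12EE0: 08004520 0058DAF4 40003006 FCCDA750 ..E .XZt@.0.|M'P
47E12EF0: F6C1451D 8F8ECEBD 00168656 9BD474B3 vAE...N=...V.Tt3
47E12F00: 63F15018 F710ABA0 00006753 32B229D0 cqP.w.+ ..gS22)P
47E12F10: 99C5AA42 460C6CEE AA4B9302 F449D891 .E*BF.ln*K..tIX.
47E12F20: E7B0E389 61E9846E 57BBDC4F 32C5E6CE g0c.ai.nW;\O2EfN
47E12F30: DE448226 C3E8815C 66A4D2 ^D.&Ch.\f$R
"""

HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) \w+ (\w+) +(\d+) (\d{4}) : ")
ROW = re.compile(r"^[0-9A-Fa-f]{8}: (.*)$")
WORD = re.compile(r"^(?:[0-9A-Fa-f]{2}){1,4}$")

def parse_dump(text):
    """Return [(sec, usec, frame_bytes)] for each packet in the dump text."""
    packets = []
    for line in map(str.strip, text.splitlines()):
        head, row = HEADER.match(line), ROW.match(line)
        if head:
            # Assumption: the router clock is UTC, as in the sample.
            when = datetime.strptime(" ".join(head.groups()), "%H:%M:%S.%f %b %d %Y")
            packets.append((calendar.timegm(when.timetuple()), when.microsecond, bytearray()))
        elif row and packets:
            # Up to 4 hex words per row; a non-hex token starts the ASCII column.
            for n, token in enumerate(row.group(1).split()):
                if n == 4 or not WORD.match(token):
                    break
                packets[-1][2].extend(bytes.fromhex(token))
                if len(token) < 8:
                    break  # a short word is the end of the frame
    return [(s, us, bytes(frame)) for s, us, frame in packets if frame]

def to_pcap(packets, linktype=1):
    """Build a classic little-endian pcap file; linktype 1 is Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("capture.pcap", "wb") as fh:
        fh.write(to_pcap(parse_dump(SAMPLE)))
```

A short final row whose ASCII column happens to look like a hex word cannot be told apart from data once the log has lost its column spacing, so compare frame lengths against the IP total length when a packet looks off.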
08-13-2012 06:17 AM
We discovered the text2pcap function but the formatting proved to be a very time-consuming process. We found another method that is much easier.
We used SCP to transfer the files over port 22.
1. Export the capture buffer to the router flash
monitor capture buffer
2. Enable the SCP server on the remote router
ip scp-server enable
3. Configure a level 15 ID and Password
username PASS privilege 15 password XXX
4. From a local machine that has SSH access to the remote router public IP perform the following
scp -v (userID)@pubIP:flash:
The -v is the verbose switch. It can be turned off.
This worked much better than trying to format the data.