Filter
Top Products
Chapter 5 Packet capture 127
Nortel VPN Router Troubleshooting
6 Enter the password that you entered when you enabled packet capture (see
“Enabling packet capture on a VPN Router” on page 111).
7 From the open Ethereal window, disable Enable network name resolution.
If this parameter is enabled, a large PCAP file takes a long time to open
because every address captured tries to perform name address resolution.
8 Open the packet capture file (for example,
ethernet.cap).
Viewing a PCAP file with Sniffer Pro
Because Sniffer Pro is not free shareware, it is assumed that you have already
installed the software on the PC. To view a VPN Router PCAP file with Sniffer
Pro:
1 Install Ethereal software (see “Installing Ethereal software” on page 125).
2 Save the packet capture file and download it to the PC as described in steps
1-6 of “Saving, downloading, and viewing PCAP files” on page 126.
3 Open a new DOS window and change directory to the c:\Program
Files\Ethereal directory to access the
editcap command.
4 Run the
editcap command so that Sniffer Pro can view the capture. If the
capture was done on an Ethernet interface or on a tunnel, type the extension
.enc; if the capture was on done on WAN interface, type the extension .syc.
Following are sample commands.
Ethernet interface capture:
editcap -F ngsniffer d:\pcap\ether.cap ether1.enc
IPsec tunnel capture:
editcap -T ether -F ngsniffer d:\pcap\ipsec.cap ipsec.enc
Global IP capture:
editcap -T ether -F ngsniffer d:\pcap\rawip.cap rawip.enc
Note: If you plan to use Sniffer Pro to view the capture file, go to the
next section, “Viewing a PCAP file with Sniffer Pro” on page 127.