Security features, File format – Nortel Networks NN46110-602 User Manual


Chapter 5 Packet capture 105

Nortel VPN Router Troubleshooting

limit the traffic that the filters capture

automatically start and stop packet capture with triggers

Security features

Packet capture on the VPN Router provides the following features to enhance
security:

Packet capture is disabled by default. You can enable packet capture using the
CLI through the serial port only.

To enable packet capture, you must configure a separate capture password.

When you save a capture buffer to a file on disk, the file is encrypted. You
must enter the capture password to decrypt PCAP files.

To open a capture file, you use a tool called openpcap that is shipped with
VPN Router software. The tool is built for both 128-bit and 56-bit versions
and uses the same cryptographic library that the server code uses. The
openpcap tool prompts you for a password.

Packet capture configuration is not saved in LDAP or in the configuration file.
When you reboot the VPN Router, the packet capture configuration is lost.

File format

Packets are stored in PCAP/TCPDUMP file format. Many tools recognize this file
format. Packets are saved with the following additional information:

timestamp of the packet

length of the portion of the packet present in the PCAP file

length of the entire packet as it was received or sent on the wire

Note: The VPN Router does not provide tools for opening and viewing
captured data. You must offload the PCAP files to view them.
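
Once a capture file has been offloaded and decrypted, the three per-packet fields listed above can be read directly from the record headers. The parser below is an added example, not code from the manual or from Nortel; it assumes the decrypted file is in the classic libpcap layout (24-byte global header, 16-byte record headers) and does not implement the router's encryption or the openpcap tool. The sample capture is constructed inline.

```python
import struct

# Magic bytes of the classic libpcap format -> struct byte-order prefix.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def parse_pcap(data):
    """Parse a decrypted capture; return (snaplen, linktype, records)."""
    if len(data) < 24 or data[:4] not in MAGIC:
        # Assumption: a file still encrypted by the router fails this check.
        raise ValueError("no PCAP magic: not a plaintext capture file")
    e = MAGIC[data[:4]]
    # Global header after the magic: version, tz offset, sigfigs, snaplen, link type.
    _vmaj, _vmin, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(e + "HHiIII", data, 4)
    records, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError(f"partial record header at offset {off}")
        # Per-packet header: timestamp, captured length, length on the wire.
        ts_sec, ts_usec, caplen, wirelen = struct.unpack_from(e + "IIII", data, off)
        off += 16
        if caplen > len(data) - off:
            raise ValueError(f"record at offset {off - 16} overruns the file")
        records.append({
            "ts_sec": ts_sec, "ts_usec": ts_usec,
            "caplen": caplen,              # bytes present in the PCAP file
            "wirelen": wirelen,            # bytes received or sent on the wire
            "truncated": caplen < wirelen,
            "payload": data[off:off + caplen],
        })
        off += caplen
    return snaplen, linktype, records

def build_sample(e="<"):
    """Constructed two-packet capture (not router output): one whole, one cut short."""
    magic = b"\xd4\xc3\xb2\xa1" if e == "<" else b"\xa1\xb2\xc3\xd4"
    out = magic + struct.pack(e + "HHiIII", 2, 4, 0, 0, 64, 1)
    out += struct.pack(e + "IIII", 1700000000, 250000, 60, 60) + b"\x00" * 60
    out += struct.pack(e + "IIII", 1700000001, 500, 64, 1500) + b"\xff" * 64
    return out

if __name__ == "__main__":
    snaplen, linktype, recs = parse_pcap(build_sample())
    for r in recs:
        flag = " (truncated)" if r["truncated"] else ""
        print(f'{r["ts_sec"]}.{r["ts_usec"]:06d} captured={r["caplen"]} wire={r["wirelen"]}{flag}')
```

A record whose captured length is smaller than its wire length holds only the leading part of the packet, so analysis of that record must not assume the full payload is present.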
