Viewing a pcap file with sniffer pro – Nortel Networks NN46110-602 User Manual
Page 127

Chapter 5 Packet capture 127
Nortel VPN Router Troubleshooting
6. Enter the password that you entered when you enabled packet capture (see “Enabling packet capture on a VPN Router” on page 111).
7. From the open Ethereal window, disable Enable network name resolution. If this parameter is enabled, a large PCAP file takes a long time to open because Ethereal attempts name resolution for every captured address.
8. Open the packet capture file (for example, ethernet.cap).
Viewing a PCAP file with Sniffer Pro
Because Sniffer Pro is not free shareware, it is assumed that you have already
installed the software on the PC. To view a VPN Router PCAP file with Sniffer
Pro:
1. Install Ethereal software (see “Installing Ethereal software” on page 125).
2. Save the packet capture file and download it to the PC as described in steps 1-6 of “Saving, downloading, and viewing PCAP files” on page 126.
3. Open a new DOS window and change directory to the c:\Program Files\Ethereal directory to access the editcap command.
4. Run the editcap command so that Sniffer Pro can view the capture. If the capture was done on an Ethernet interface or on a tunnel, type the extension .enc; if the capture was done on a WAN interface, type the extension .syc.
Following are sample commands.
Ethernet interface capture:
editcap -F ngsniffer d:\pcap\ether.cap ether1.enc
IPsec tunnel capture:
editcap -T ether -F ngsniffer d:\pcap\ipsec.cap ipsec.enc
Global IP capture:
editcap -T ether -F ngsniffer d:\pcap\rawip.cap rawip.enc
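The following Python helper is an added example, not part of the Nortel manual: it checks a downloaded capture's libpcap header before conversion and builds the editcap command for the three capture kinds shown in the sample commands. It assumes the downloaded file is a classic libpcap file; the function names and capture-kind keys are hypothetical.

```python
import struct

# Magic bytes of a classic libpcap file mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
}
LINKTYPES = {1: "Ethernet", 9: "PPP", 101: "Raw IP"}  # short subset for display

# Capture kinds (hypothetical keys) and flags taken from the page's three sample
# commands. The page gives no sample command for WAN captures (.syc), so none is built.
EDITCAP_ARGS = {
    "ethernet": [],
    "ipsec": ["-T", "ether"],
    "globalip": ["-T", "ether"],
}

def read_pcap_header(data):
    """Parse the 24-byte libpcap global header; raise ValueError if it is not one."""
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    order = PCAP_MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic libpcap file (magic %r)" % data[:4])
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "linktype_name": LINKTYPES.get(linktype, "unknown")}

def editcap_command(kind, src, dst_base):
    """Build the editcap argument list for one of the page's capture kinds."""
    if kind not in EDITCAP_ARGS:
        raise ValueError("no sample command on the page for capture kind %r" % kind)
    return ["editcap"] + EDITCAP_ARGS[kind] + ["-F", "ngsniffer", src, dst_base + ".enc"]

if __name__ == "__main__":
    # Constructed sample: header of an empty little-endian pcap, link type 1 (Ethernet).
    sample = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    print(read_pcap_header(sample))
    print(" ".join(editcap_command("ipsec", r"d:\pcap\ipsec.cap", "ipsec")))
```

A file that fails the header check was either truncated in transfer or is not a classic libpcap capture, and is worth re-downloading before running editcap on it.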
Note: If you plan to use Sniffer Pro to view the capture file, go to the
next section,