Wireshark-users: Re: [Wireshark-users] Cisco FWSM Capture Dump


From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Mon, 10 Aug 2009 18:26:27 +0200

On Mon, Aug 10, 2009 at 11:43:35AM -0400, Robert D. Scott wrote:
> These commands are NOT available in individual contexts.  Only in the sys
> context, and there is no IP on a sys context to get the file off the FWSM,
> and requires root access to the FWSM. Of course the Cisco docs are lacking in
> this regard.  In this firewall configuration the only access to sys is via a
> session command, or to change con sys from an ssh session. We do not permit
> admins access to sys. 

You are right! While capturing is ok, copying the capture isn't :-(

> My original question is still valid.

I've written a small Perl hack that converts the output to something
text2pcap can cope with. I hope that helps.

I tested with the following command line:
./test.pl test | text2pcap -e 0800 - - >test.pcap

 ciao
     Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Attachment: test.pl
Description: Perl program
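
One way to do the conversion described above, added here as an example; it is not the attached test.pl, whose contents are not shown on this page. The dump layout (a summary line per packet, then rows of a 0x-prefixed offset, single-space-separated 16-bit hex groups and an ASCII column) is an assumption, the sample is constructed, and the function names are hypothetical.

```python
import re
import sys

# Constructed sample, not real device output. Assumed layout: summary line,
# then "0x<offset>", hex groups of 1-2 bytes, 2+ spaces, ASCII column.
SAMPLE = """\
1: 18:26:27.000001 192.0.2.1 > 192.0.2.2: icmp: echo request
0x0000   4500 001d 0001 0000 4001 f6d9 c000 0201        E.......@.......
0x0010   c000 0202 0800 f7fd 0001 0001 41               ............A
"""

# Hex groups are joined by single spaces; the ASCII column starts after a
# wider gap, so hex-looking ASCII text is never mistaken for packet bytes.
ROW = re.compile(
    r"^0x([0-9a-fA-F]{4})\s+"
    r"((?:(?:[0-9a-fA-F]{2}){1,2} )*(?:[0-9a-fA-F]{2}){1,2})"
    r"(?:\s{2,}.*)?$"
)

def parse_dump(text):
    """Return the packets found in the assumed dump layout as bytes objects."""
    packets, current = [], bytearray()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # summary line, blank line or CLI prompt
        offset = int(m.group(1), 16)
        if offset == 0 and current:  # offset 0 starts the next packet
            packets.append(bytes(current))
            current = bytearray()
        if offset != len(current):  # truncated paste or missing row
            raise ValueError(f"offset 0x{offset:04x} does not follow {len(current)} bytes")
        current += bytes.fromhex(m.group(2).replace(" ", ""))
    if current:
        packets.append(bytes(current))
    return packets

def to_text2pcap(packets):
    """Emit rows text2pcap reads: hex offset, then one byte per token."""
    out = []
    for pkt in packets:
        for off in range(0, len(pkt), 16):
            out.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in pkt[off:off + 16]))
        out.append("")  # blank line between packets
    return "\n".join(out)

if __name__ == "__main__":
    # Pipe the result into: text2pcap -e 0800 - - >test.pcap
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(to_text2pcap(parse_dump(text)))
```

The dump is assumed to start at the IP header, which is why the command line in the message passes -e 0800 so that text2pcap prepends a dummy Ethernet header.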
