Wireshark · Ethereal-users: Re: [Ethereal-users] New User - How do I cpature/save Cisco Debugs For Analysis

[Marco van den Bovenkamp <marco@xxxxxxxxxxxxxxxxxxx>]

Visser, Martin (Sydney) wrote:

> Of course if you can find a Cisco "debug xxx packet" command that
> produces a sufficiently verbose hex-dump you may be able to use the
> ethereal "text2pcap" utility to import the trace.

Try 'debug ip packet dump' (undocumented, sadly), and the following Perl 
script:

--------------- Cut here -----------------------

#!/usr/bin/perl

# Convert Cisco dump file format to something text2pcap can read.
# Author: Hamish Moffatt <hamish@xxxxxxxxxxxx>.
# License: GPL (see www.gnu.org).

sub dumppkt () {
    for ($i = 0; $i < scalar(@pkt); $i++) {
        if ($i % 16 == 0) {
            printf "\n%08X", $i;
        }

        printf " %02X", $pkt[$i];
    }

}

while(<>) {
    chomp;

    unless (m/[0-9A-F]{8}:/) {
        $new_pkt = 1;
        dumppkt;
        undef @pkt;
        next;
    }

    # Strip the offsets and ASCII dump
    $hex = substr $_, 10, 35;

    # Remove all spaces
    $hex =~ s/ //g;

    # Convert hex bytes on this line
    while ((length $hex) > 0) {
        push @pkt, hex (substr $hex, 0, 2, "");
    }

}

dumppkt;
print "\n";

--------------- Cut here ------------------

			Regards,

					Marco.