No options. :(
dcpopl3-fwsm-1/cns/act# sho cap c1 dump ?
access-list Display packets matching access-list
count Display <number> of packets in capture
decode Display decode information for each packet
detail Display more information for each packet
packet-number Display packet <number> in capture
| Output modifiers
<cr>
The ACE allows the export of a capture that is read correctly by Wireshark,
but the saving and exporting functionality is not in the fwsm 4.0(2). :(
Robert D. Scott Robert@xxxxxxx
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Phone Tree
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611 321-663-0421 Cell
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Friday, August 07, 2009 1:19 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Cisco FWSM Capture Dump
On Aug 7, 2009, at 10:08 AM, Robert D. Scott wrote:
> Here is a 3 step tcp handshake from the fwsm:
> 9: 12:11:00.692669814 802.1Q vlan#1202 P0 10.227.212.114.3709 >
> 10.19.1.125.80: S 3444274164:3444274164(0) win 65535 <mss
> 1460,nop,wscale
> 7,nop,nop,timestamp 0 0,nop,nop,sackOK>
> 0x0000 4500 0040 f143 4000 7e06 208f 0ae3 d472
> [email protected]@.~. ....r
> 0x0010 0a13 017d 0e7d 0050 cd4b 73f4 0000
> 0000 ...}.}.P.Ks.....
> 0x0020 b002 ffff fb07 0000 0204 05b4 0103
> 0307 ................
> 0x0030 0101 080a 0000 0000 0000 0000 0101
> 0402 ................
That looks like tcpdump output; is that output generated by the FWSM?
If so, there might also be an option to make it generate a pcap-format
file.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
