Wireshark-users: Re: [Wireshark-users] Cisco FWSM Capture Dump

From: "Sake Blok" <sake@xxxxxxxxxx>
Date: Mon, 10 Aug 2009 08:05:23 +0200
Are you sure you are not able to export the capture files? Have a look at http://supportwiki.cisco.com/ViewWiki/index.php/Packet_capture#Gather_captures

(is this for more recent versions of FWSM?)

Cheers,
    Sake

----- Original Message -----
From: "Robert D. Scott" <robert@xxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Sent: Friday, August 07, 2009 7:08 PM
Subject: [Wireshark-users] Cisco FWSM Capture Dump


Has anyone written a script to convert a Cisco FWSM dump format into a
text2pcap format so I can read them in Wireshark?

text2pcap -l 12 infile.txt outfile.pcap works like a champ when the firewall
output is in valid format. Hand editing is tedious.

Here is a 3 step tcp handshake from the fwsm:
  9: 12:11:00.692669814 802.1Q vlan#1202 P0 10.227.212.114.3709 >
10.19.1.125.80: S 3444274164:3444274164(0) win 65535 <mss 1460,nop,wscale
7,nop,nop,timestamp 0 0,nop,nop,sackOK>
0x0000   4500 0040 f143 4000 7e06 208f 0ae3 d472        E..@.C@.~. ....r
0x0010   0a13 017d 0e7d 0050 cd4b 73f4 0000 0000        ...}.}.P.Ks.....
0x0020   b002 ffff fb07 0000 0204 05b4 0103 0307        ................
0x0030   0101 080a 0000 0000 0000 0000 0101 0402        ................
 10: 12:11:00.692669814 802.1Q vlan#1202 P0 10.19.1.125.80 >
10.227.212.114.3709: S 1345738498:1345738498(0) ack 3444274165 win 4128 <mss
536>
0x0000   4500 002c a748 0000 fe06 2a9e 0a13 017d        E..,.H....*....}
0x0010   0ae3 d472 0050 0e7d 5036 5702 cd4b 73f5        ...r.P.}P6W..Ks.
0x0020   6012 1020 a966 0000 0204 0218 0000             `.. .f........
 11: 12:11:00.692669814 802.1Q vlan#1202 P0 10.227.212.114.3709 >
10.19.1.125.80: . ack 1345738499 win 65535
0x0000   4500 0028 f145 4000 7e06 20a5 0ae3 d472        E..(.E@.~. ....r
0x0010   0a13 017d 0e7d 0050 cd4b 73f5 5036 5703        ...}.}.P.Ks.P6W.
0x0020   5010 ffff cda7 0000 0000 0000 0000             P.............

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell
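
One way to do the conversion asked about above, as an added example that is not part of the original thread or of Wireshark: a Python sketch that keeps only the hex column of each FWSM dump line and re-emits it as an offset followed by one-byte hex values, the `od -Ax -tx1` style layout that text2pcap reads. The function names are hypothetical, and the line layout (single spaces between hex groups, a wider gap before the ASCII column) is assumed from the sample in the post.

```python
import re

# FWSM hex line: "0x0010   0a13 017d ...        ASCII". Hex groups are split by
# single spaces; the ASCII column follows a gap of two or more spaces.
HEX_LINE = re.compile(
    r"^\s*0x([0-9a-f]{4})\s+((?:[0-9a-f]{2,4} )*[0-9a-f]{2,4})(?:\s{2,}.*)?$", re.I)

def parse_fwsm_dump(text):
    """Return one bytes object per packet found in an FWSM hex dump."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line.rstrip())
        if not m:
            continue  # packet summary, wrapped summary text, blank lines
        offset = int(m.group(1), 16)
        data = bytes.fromhex(m.group(2).replace(" ", ""))
        if offset == 0:
            packets.append(bytearray())  # offset 0 starts a new packet
        if not packets or offset != len(packets[-1]):
            raise ValueError(f"unexpected offset in line: {line!r}")
        packets[-1] += data
    return [bytes(p) for p in packets]

def to_text2pcap(packets):
    """Render packets as a hex offset plus up to 16 byte values per line."""
    out = []
    for pkt in packets:
        for off in range(0, len(pkt), 16):
            chunk = pkt[off:off + 16]
            out.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
        out.append("")  # blank line between packets
    return "\n".join(out)

# Packets 10 and 11 copied from the post, including the wrapped summary lines.
SAMPLE = r""" 10: 12:11:00.692669814 802.1Q vlan#1202 P0 10.19.1.125.80 >
10.227.212.114.3709: S 1345738498:1345738498(0) ack 3444274165 win 4128 <mss
536>
0x0000   4500 002c a748 0000 fe06 2a9e 0a13 017d        E..,.H....*....}
0x0010   0ae3 d472 0050 0e7d 5036 5702 cd4b 73f5        ...r.P.}P6W..Ks.
0x0020   6012 1020 a966 0000 0204 0218 0000             `.. .f........
 11: 12:11:00.692669814 802.1Q vlan#1202 P0 10.227.212.114.3709 >
10.19.1.125.80: . ack 1345738499 win 65535
0x0000   4500 0028 f145 4000 7e06 20a5 0ae3 d472        E..(.E@.~. ....r
0x0010   0a13 017d 0e7d 0050 cd4b 73f5 5036 5703        ...}.}.P.Ks.P6W.
0x0020   5010 ffff cda7 0000 0000 0000 0000             P.............
"""

if __name__ == "__main__":
    print(to_text2pcap(parse_fwsm_dump(SAMPLE)))
```

The output can be saved as infile.txt and passed to the `text2pcap -l 12 infile.txt outfile.pcap` command quoted in the post.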


