The pcapdump cli command – Amer Networks E5Web GUI User Manual
Page 107

Generation date/time: 2008-07-04 14:23:56
List of loaded PE-modules:
fwloader(1.07.04): BA:0x00100000, EP:0x00101028, SS:0x0, IS:0xe7000
fwcore(810.20.02-2336): BA:0x07761038, EP:0x0007c630
Register dump:
----------------------------------------------------
r0 : 0xe1a0003c, r1 : 0x07c685dc, r2 : 0x00000004, r3 : 0x50013700,
r4 : 0x06cb2d04, r5 : 0x0753a740, r6 : 0x050ce1f8, r7 : 0x00000000,
r8 : 0x0753a79c, r9 : 0x050ce1f8, r10: 0x00000000, r11: 0x0775ff34,
r12: 0x00000004, sp : 0x0775fcec, lr : 0x079de7e4
Stack dump:
5da89306 c33613f4 c330cfc5 04411507 45515a49 86619f8b c0db0a81
4e395861 cb25b796 e3108934 932766c5 4dcff9e9 711c3463 b9cd5d1e
52149961 9324dea3 d340dc25 15458610 63582ded 689a0c54 dfb43131
02c7d971 a0ebb72c bfaae832 db216923 08ba693b 95e4de97 98d121a2
'
'
Although dconsole output may be difficult for the administrator to interpret, it can be emailed to
Clavister support representatives for further investigation.
The dconsole command supersedes the crashdump command found in earlier versions of cOS
Core.
2.5.3. The pcapdump CLI Command
A valuable diagnostic tool is the ability to examine the packets that enter and leave the
interfaces of a Clavister Security Gateway. For this purpose, cOS Core provides the CLI command
pcapdump which not only allows the examination of packet streams entering and leaving
interfaces but also allows the filtering of these streams according to specified criteria.
The packets selected by the pcapdump filter can then be saved in a file of type .cap, which is the
de facto standard libpcap file format for packet capture.
The complete syntax of the pcapdump CLI command is described in the CLI Reference Guide.
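Because the .cap file follows the libpcap format, its structure can be checked offline before it is handed to an analysis tool. The following is an added example, not part of the original manual or of cOS Core: it parses the classic libpcap layout and rejects a bad or truncated file. The names parse_cap and build_sample and the embedded sample bytes are constructed for illustration.

```python
import struct

# Magic numbers of the classic libpcap file format (microsecond / nanosecond timestamps).
MAGICS = {0xA1B2C3D4: "us", 0xA1B23C4D: "ns"}

def parse_cap(data: bytes) -> dict:
    """Validate a libpcap capture and return header fields plus per-packet records."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte libpcap global header")
    # The writer's byte order is unknown; the magic number shows which one was used.
    for endian in ("<", ">"):
        magic, major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            endian + "IHHiIII", data[:24])
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a libpcap file (bad magic number)")
    packets, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError(f"truncated packet data at offset {offset}")
        packets.append({"ts": (ts_sec, ts_frac), "captured": incl_len,
                        "on_wire": orig_len, "data": data[offset:offset + incl_len]})
        offset += incl_len
    return {"version": (major, minor), "resolution": MAGICS[magic],
            "snaplen": snaplen, "linktype": linktype, "packets": packets}

def build_sample() -> bytes:
    """Constructed sample: little-endian header, linktype 1 (Ethernet), two dummy frames."""
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in ((1215181436, b"\x00" * 60), (1215181437, b"\xff" * 42)):
        cap += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return cap

if __name__ == "__main__":
    info = parse_cap(build_sample())
    print(info["version"], info["linktype"], len(info["packets"]), "packets")
```

To check a real capture, pass the bytes of the saved file, for example the contents of cap_lan.cap, to parse_cap.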
A Simple Example
An example of pcapdump usage is the following sequence:
Device:/> pcapdump -size 1024 -start lan
Device:/> pcapdump -stop lan
Device:/> pcapdump -show
Device:/> pcapdump -write lan -filename=cap_lan.cap
Device:/> pcapdump -cleanup
Going through this line by line we have:
1. Recording is started for the lan interface using a buffer size of 1024 Kbytes.
Device:/> pcapdump -size 1024 -start lan
2. The recording is stopped for the lan interface.
Device:/> pcapdump -stop lan
3. The dump output is displayed on the console in a summarized form.
Device:/> pcapdump -show
4. The same information is written in its complete form to a file called cap_lan.cap.
Device:/> pcapdump -write lan -filename=cap_lan.cap
Chapter 2: Management and Maintenance