6.1

Table Of Contents

VMware, Inc. 53

Chapter 8 Troubleshooting ADM

Examples

CreateansnmpwalkdumpforIP1.2.3.4andsavetheresultsintofilesnmpdump.1.2.3.4.txt:

./snmpdump.sh 1.2.3.4 snmpdump.1.2.3.4.txt

nlcapture

Youcanusethenlcaptureutilityinplaceoftcpdumptocapturenetworkactivity.Thisutilitysupportsthe

samedefaultparametersastcpdump,butsetsthesnaplentobelargeenoughsoastonottruncatepackets.

Inaddition,thisutilityprovidesaparameternotsupportedbytcpdump:‐R,whichfilters

packetsbasedon

theirprotocol(forexample,HTTP)orbasedonprotocol‐specificattributes.

Similartotcpdump,youcanusenlcapturetofilteranexistingcapturefileandtransformittoanew,filtered

file.Seeusagebelow.

Location

/home/nlayers/Seneca/tools/nlcapture.pl

Usage

Runningnlcaptureonthecommandlineyields:

nlcapture.pl

tcpdump options

[-R

ethereal display filter string

]

Forexample:

Tolistenoneth1andcaptureallHTTPandICMPpacketsintothefilebla.dump:

nlcapture.pl -i eth1 -R "http||icmp" -w myoutput.dump

Asexplainedearlier, nlcapturesupportsallcommontcpdumpparameterssuchas‐i.Additionally,it

supportsthe-Rparametertofilteronthenetworkprotocoloraccordingtothevalueofspecificprotocolfields.

Protocolnamesarewritteninlowercase.ThefollowingURLprovidesdetailsonthefiltersthatyoucanuse:

http://www.ethereal.com/docs/man‐pages/ethereal‐filter.4.html

Thefiltersofnlcaptureutilityaredifferentfromthetcpdumpfilters.Theyareeasiertouseandunderstand.