6.2.1

Table Of Contents

Application Discovery Manager Administration Guide

56 VMware, Inc.

Similartotcpdump,youcanusenlcapturetofilteranexistingcapturefileandtransformittoanew,filtered

file.Seeusagebelow.

Location

/home/nlayers/Seneca/tools/nlcapture.pl

Usage

Runningnlcaptureonthecommandlineyields:

nlcapture.pl tcpdump options [-R ethereal display filter string]

Forexample:

Tolistenoneth1andcaptureallHTTPandICMPpacketsintothefilebla.dump:

nlcapture.pl -i eth1 -R "http||icmp" -w myoutput.dump

Asexplainedearlier, nlcapturesupportsallcommontcpdumpparameterssuchas‐i.Additionally,it

supportsthe-Rparametertofilteronthenetworkprotocoloraccordingtothevalueofspecificprotocolfields.

Protocolnamesarewritteninlowercase.ThefollowingURLprovidesdetailsonthefiltersthatyoucanuse:

http://www.ethereal.com/docs/man‐pages/ethereal‐filter.4.html

Thefiltersofnlcaptureutilityaredifferentfromthetcpdumpfilters.Theyareeasiertouseandunderstand.