Capture packets directly inside dynamips

On February 1, 2011, in Dynamips, Linux, Misc, by Darren

I had no idea that dynagen could actually do this, but it’s pretty damn awesome. Dynagen/Dynamips can output any interface’s traffic directly to a .cap file ready to be read in tcpdump or Wireshark.

How do we do this?

Let’s take a simple topology. R2 and R4 are running OSPF with each other, directly connected via their Fa0/1 interfaces. I want to capture packets going in and out of R2′s interface.

Dynamips/Dynagen has started:

=> list
Name       Type       State      Server          Console
R2         7200       running    localhost:7200  2002
R4         7200       running    localhost:7200  2004

You start capturing like so:

=> capture R2 fa0/1 /tmp/R2.cap

Stop the capture:

=> no capture R2 fa0/1

We now have a file named R2.cap in the /tmp folder. We can open it either in tcpdump or Wireshark:

darreno@Zenoss:/tmp$ sudo tcpdump -r R2.cap
reading from file R2.cap, link-type EN10MB (Ethernet)
16:37:26.959354 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:28.930017 CDPv2, ttl: 180s, Device-ID 'R2', length 318
16:37:32.827991
16:37:36.959745 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:42.855127
16:37:46.930856 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:52.846687
16:37:56.940269 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:02.826550
16:38:06.943788 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:12.836321
16:38:16.947188 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:22.835339
16:38:26.932277 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:28.940528 CDPv2, ttl: 180s, Device-ID 'R2', length 318

wiresharkdynamips Capture packets directly inside dynamips

Very handy indeed!

flattr badge large Capture packets directly inside dynamips
Tagged with:  

Leave a Reply

© 2009-2014 Darren O'Connor All Rights Reserved