I had no idea that Dynagen could actually do this, but it's pretty damn awesome. Dynagen/Dynamips can write any interface's traffic directly to a .cap file, ready to be read in tcpdump or Wireshark.
How do we do this?
Let's take a simple topology. R2 and R4 are running OSPF with each other, directly connected via their Fa0/1 interfaces. I want to capture packets going in and out of R2's interface.
Dynamips/Dynagen has started:
=> list
Name  Type  State    Server          Console
R2    7200  running  localhost:7200  2002
R4    7200  running  localhost:7200  2004
You start capturing like so:
=> capture R2 fa0/1 /tmp/R2.cap
Stop the capture:
=> no capture R2 fa0/1
We now have a file named R2.cap in the /tmp folder. We can open it either in tcpdump or Wireshark:
darreno@Zenoss:/tmp$ sudo tcpdump -r R2.cap
reading from file R2.cap, link-type EN10MB (Ethernet)
16:37:26.959354 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:28.930017 CDPv2, ttl: 180s, Device-ID 'R2', length 318
16:37:32.827991
16:37:36.959745 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:42.855127
16:37:46.930856 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:37:52.846687
16:37:56.940269 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:02.826550
16:38:06.943788 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:12.836321
16:38:16.947188 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:22.835339
16:38:26.932277 IP 7.3.24.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello, length 56
16:38:28.940528 CDPv2, ttl: 180s, Device-ID 'R2', length 318
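If you want to check a capture from a script instead of eyeballing tcpdump output, the sketch below (an added example, not part of the original post or of Dynagen) parses the file and counts OSPF Hellos per source. It assumes the .cap file is in the classic libpcap format with Ethernet link type, as the tcpdump output above suggests; the function names and the embedded sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1  # tcpdump prints this link type as EN10MB
OSPF_PROTO = 89        # IP protocol number carried by OSPF packets

def read_pcap(data):
    """Yield (timestamp, frame) from a classic libpcap file image (assumed format)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("capture is not Ethernet")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # last record truncated, e.g. file copied mid-capture
        off += 16 + incl
        yield sec + usec / 1e6, frame

def classify(frame):
    """Label a frame: 'ospf-hello <src>', 'ospf', 'ip' or 'other' (CDP, keepalives...)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"  # not IPv4; CDP rides on 802.3/LLC, not EtherType 0x0800
    if frame[23] != OSPF_PROTO:
        return "ip"
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    src = ".".join(str(b) for b in frame[26:30])
    ospf = frame[14 + ihl:]
    # OSPF header byte 1 is the packet type; type 1 is Hello
    return f"ospf-hello {src}" if len(ospf) >= 2 and ospf[1] == 1 else "ospf"

def summarize(data):
    """Count frames per label across the whole capture."""
    return Counter(classify(frame) for _, frame in read_pcap(data))

def sample_capture():
    """Constructed sample: two OSPF Hellos from 7.3.24.2 around one non-IP frame."""
    eth = bytes.fromhex("01005e000005" "ca0200000001" "0800")
    ip = bytes([0x45, 0xC0]) + struct.pack("!HHHBBH", 44, 0, 0, 1, OSPF_PROTO, 0)
    ip += bytes([7, 3, 24, 2, 224, 0, 0, 5])
    hello = eth + ip + bytes([2, 1]) + bytes(22)  # OSPFv2, type 1, rest zeroed
    other = bytes(12) + struct.pack("!H", 100) + bytes(100)  # 802.3 length field
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in enumerate([hello, other, hello]):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out
```

Against a real capture, call `summarize(open("/tmp/R2.cap", "rb").read())`; an unexpected source address or a missing Hello count stands out immediately in the result.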

Very handy indeed!