Re: how to interpret show capture

alex.tulio · ‎10-03-2006

hi guys, can someone help me how to interpret the show capture command. for ex. i got these...

1: 18:22:34.923185 10.173.62.19.59639 > 10.172.24.54.80: S 2399411186:2399411186(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>

2: 18:22:34.925214 10.173.62.19.59639 > 10.172.24.54.80: . ack 2138391432 win 5840

3: 18:22:34.925580 10.173.62.19.59639 > 10.172.24.54.80: P 2399411187:2399412479(1292) ack 2138391432 win 5840

4: 18:22:35.037778 10.173.62.19.59639 > 10.172.24.54.80: P 2399412479:2399412497(18) ack 2138391432 win 5840

rajbhatt · ‎10-03-2006

Hi,

Use ethereal to study these files

go to google and download etnereal exe with wippcap files

open the capture in ethereal and filter tcp stream

alex.tulio · ‎10-04-2006

i tried to use ethereal, but it always says that its not cap/pcap file.

jwalker · ‎10-05-2006

Here are some quick steps to get the capture you are looking for then open it in Ethereal..

1) Create access list for "interesting traff"

2) Create capture-- capture access-list interface

3) Download capture from ASA/PIX using https

EX: https:///capture//pcap

(this saves the file in pcap format for Ethereal)

4) Open file in ethereal!

***Please rate if this post helps****

Thanks.

Jay

alex.tulio · ‎10-06-2006

it works thanks