Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how to interpret show capture

hi guys, can someone help me how to interpret the show capture command. for ex. i got these...

1: 18:22:34.923185 10.173.62.19.59639 > 10.172.24.54.80: S 2399411186:2399411186(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>

2: 18:22:34.925214 10.173.62.19.59639 > 10.172.24.54.80: . ack 2138391432 win 5840

3: 18:22:34.925580 10.173.62.19.59639 > 10.172.24.54.80: P 2399411187:2399412479(1292) ack 2138391432 win 5840

4: 18:22:35.037778 10.173.62.19.59639 > 10.172.24.54.80: P 2399412479:2399412497(18) ack 2138391432 win 5840

4 REPLIES
New Member

Re: how to interpret show capture

Hi,

Use ethereal to study these files

go to google and download etnereal exe with wippcap files

open the capture in ethereal and filter tcp stream

New Member

Re: how to interpret show capture

i tried to use ethereal, but it always says that its not cap/pcap file.

Silver

Re: how to interpret show capture

Here are some quick steps to get the capture you are looking for then open it in Ethereal..

1) Create access list for "interesting traff"

2) Create capture-- capture access-list interface

3) Download capture from ASA/PIX using https

EX: https:///capture//pcap

(this saves the file in pcap format for Ethereal)

4) Open file in ethereal!

***Please rate if this post helps****

Thanks.

Jay

New Member

Re: how to interpret show capture

it works thanks

234
Views
0
Helpful
4
Replies