Description: This document describes how to use the LANCOM application LCOSCAP to capture packets in a format that can be read out using Wireshark. LCOSCAP captures packets transmitted via any interface on a LANCOM router, and stores them in a Wireshark-compatible *.pcap file. 1) WEBconfig: 1.1) Open the configuration for the LANCOM router in WEBconfig and switch to the menu item Extras → Packet-Capture. 1.2) Select the logical interface on which you want to capture packets. 1.3) Click on Go to start the packet capture. 1.4) The Stop button halts the packet capture.
2. Command prompt: 2.1 Open an SSH session on your LANCOM Router and type the following command to activate the package capturing on the device: set /Setup/Packet-Capture/LCOSCap-Operating yes
2.2 Open the command prompt in Windows. 2.3 You can display the command syntax and additional options by entering the command lcoscap. The command syntax is always: lcoscap [option(s)] <IP address> The following options are available: -o File where the captured packets are stored. -p Password of the LANCOM device, on which traffic is to be captured. -i Interface of the LANCOM device for which data is to be captured. If you omit this parameter, LCOSCAP outputs a list of device interfaces. -b Switch to include the beacons in the data traffic (WLAN only). -h Switch to include the 802.11 headers, although without payload (WLAN only). Without this switch WLAN packets are captured in full (802.11 header and payload), and with the switch, then only the 802.11 headers are captured. -l Specifies the maximum size of the capture file. When the specified size is reached, LCOSCAP creates a new file. The files are sequentially numbered. -n Specifies the number of files produced by LCOSCAP. If the maximum number of files is reached, LCOSCAP overwrites the first file. 2.4 The first thing to find out is, which interfaces on the current device (here a LANCOM 1781AW) permit packet capture. To do this, enter following command: lcoscap -p PASSWORD 192.168.50.1 ( PASSWORD is a placeholder that represents the main password of the LANCOM router ) 2.5 For example, if you wish to capture data traffic on the first WLAN interface, you must enter following command: lcoscap -o output.pcap -i WLAN-1 -p PASSWORD 192.168.50.1 2.6 Data capture can be stopped using the key combination CTRL + C. The generated file with the extension *.pcap is stored in the LCOSCAP installation directory and can be opened with the software Wireshark. 2.7 After capturing the traces please deactivate the LCOSCap service via the following CLI command: set /Setup/Packet-Capture/LCOSCap-Operating no |