Description:

This document describes how to use the RPCap interface integrated in LCOS together with the packet analysis tool Wireshark to generate packet captures from any interface on a LANCOM router.

The advantage over the capture with LCOSCap is that the packets can be examined 'live' during the recording and capture filters can also be defined.

Please note that a running Wireshark instance consumes significantly more resources on the PC than an LCOSCap instance. For long-term data capture, we therefore recommend the use of LCOSCap.

Requirements:

  • Current versions of Wireshark and Npcap under Microsoft Windows
  • LCOS as of version 8.80 (download latest version)
  • IP connectivity between the Windows PC running Wireshark and the LANCOM router being investigated

Procedure:

1. Command line:

1.1 Open an SSH session on the LANCOM router and enter the following at the command prompt to activate packet capturing on the device:
set /Setup/Packet-Capture/RPCap-Operating yes

From LCOS 10.50, following a re-configuration of the router or a factory reset, the main device password is stored as a hash value only and not as cleartext (Setup/Config/Passwords/Keep-Cleartext No). Existing configurations are not affected.

The tool LCOSCap currently does not work without a cleartext password. In this case, a workaround is to delete the LCOSCap algorithm Simple. Enter the following command into the CLI:

 set Setup/Packet-Capture/LCOSCap-Algorithms 12

2. Perform live analysis in Wireshark:

2.1 Start the Windows version of the packet-analysis tool Wireshark.

Currently, the RPCap interface only works properly in combination with the Windows version of Wireshark. This is because RPCap is only supported by the WinPcap driver available for Windows and included with Wireshark.

2.2 From the Capture menu, select Options.

2.3 In the window that follows, select Manage interfaces.

2.4 In the next window, select the tab Remote Interfaces and add the router.

  • Leave the Username field empty.
  • For the Password, enter the router's main device password.

2.5 Now the router's interfaces that can be captured are displayed.

  • Logical network interfaces: LAN-x
  • Logical DSL interfaces: DSL-x
  • Integrated VDSL modem
    • 17xx: LL-VDSL
    • 19x6: LL-XDSL-1 and LL-XDSL-2
  • LACP: BUNDLE-x

Do not use the interfaces LL-VDSL-CTRL or LL-XDSL-x-CTRL, as they record the management packets of the DSL modem only.

2.6 Choose the required interface and click OK.

2.7 After clicking Start, the packets passing through the selected interface are captured as if the interface were located locally on the PC.