This document describes how to use the LANCOM application LCOSCAPto capture packets in a format that can be read out using Wireshark.
LCOSCAP captures packets transmitted via any interface on a LANCOM router, and stores them in a Wireshark-compatible *.pcap file.
Info
LCOScap via the command line is more efficient than in WebConfig, thus the chance that packages can not be recorded is lower.
LCOSCAP requires significantly fewer resources than a trace using the LCOS internal 'trace' command, because the packets are not analyzed any further, but simply written to the *.pcap file.
IP connectivity between the Windows PC running LCOSCAP and the LANCOM router being investigated
Procedure:
1) WEBconfig:
1.1) Open the configuration for the LANCOM router in WEBconfig and switch to the menu item Extras → Packet-
> Paket-Capturing
Capture.
1.2) Select the interface on which you want to capture packets.
1.3) Click you on Goto start the packet capture.
1.4) The Stopbutton halts the packet capture.
Image Removed
Image Added
2. Command prompt:
2.1 Open an SSH session on your LANCOM Routerand type the following command to activate the package capturing on the device:
set /Setup/Packet-Capture/LCOSCap-Operating yes
Image Removed
Image Added
2.2 Open the command prompt in Windows.
2.3 You can display the command syntax and additional optionsby entering the command lcoscap.
The command syntax is always: lcoscap [option(s)] <IP address>
Image Removed
Image Added
The following options are available:
-oFile where the captured packets are stored.
-pPassword of the LANCOM device, on which traffic is to be captured.
-iInterface of the LANCOM device for which data is to be captured. If you omit this parameter,
LCOSCAP outputs a list of device interfaces.
-bSwitch to include the beacons in the data traffic (WLAN only).
-hSwitch to include the 802.11 headers, although without payload (WLAN only). Without this
switch
switch WLAN packets are captured in full (802.11 header and payload), and with the switch, then
only
only the 802.11 headers are captured.
-lSpecifies the maximum size of the capture file. When the specified size is reached, LCOSCAP creates a
new
new file. The files are sequentially numbered.
-nSpecifies the number of files produced by LCOSCAP. If the maximum number of files is reached,
LCOSCAP overwrites the first file.
2.4 The first thing to find out is, which interfaces on the current device (here a LANCOM 1781AW) permit packet capture. To do this, enter following command:
lcoscap -p PASSWORD 192.168.50.1
(PASSWORD is a placeholder that represents the main password of the LANCOM router)
Image Removed
Image Added
2.5 For example, if you wish to capture data trafficon the first WLAN interface, you must enter following command:
2.6 Data capture can be stopped using the key combination CTRL + C. The generated file with the extension *.pcapis stored in the LCOSCAP installation directory and can be opened with the software Wireshark.
Information:
LCOScap via the command line is more efficient than in WebConfig, thus the chance that packages can not be recorded is lower.
LCOSCAP requires significantly fewer resources than a trace using the LCOS internal 'trace' command, because the packets are not analyzed any further, but simply written to the *.
2.7 After capturing the traces please deactivate the LCOSCap service via the following CLI command: