Sie zeigen eine alte Version dieser Seite an. Zeigen Sie die aktuelle Version an.

Unterschiede anzeigen Seitenhistorie anzeigen

Version 2 Nächste Version anzeigen »


Description:

This document describes how to use the LANCOM application LCOSCAP to capture packets in a format that can be read out using Wireshark.

LCOSCAP captures packets transmitted via any interface on a LANCOM router, and stores them in a Wireshark-compatible *.pcap file.


Requirement:
  • Current version of LCOSCAP (download)
  • Current LCOS (download)
  • IP connectivity between the Windows PC running LCOSCAP and the LANCOM router being investigated


Procedure:

1) WEBconfig:

1.1) Open the configuration for the LANCOM router in WEBconfig and switch to the menu item Extras -> Paket-Capturing.

1.2) Select the interface on which you want to capture packets.

1.3) Click you on Go to start the packet capture.

1.4) The Stop button halts the packet capture.





2. Command prompt:

2.1 Open an SSH session on your LANCOM Router and type the following command to activate the package capturing on the device:

    set /Setup/Packet-Capture/LCOSCap-Operating yes


2.2 Open the command prompt in Windows.

2.3 You can display the command syntax and additional options by entering the command lcoscap.
    The command syntax is always: lcoscap [option(s)] <IP address>


    The following options are available:

    -o File where the captured packets are stored.

    -p Password of the LANCOM device, on which traffic is to be captured.

    -i Interface of the LANCOM device for which data is to be captured. If you omit this parameter,
    LCOSCAP outputs a list of device interfaces.

    -b Switch to include the beacons in the data traffic (WLAN only).

    -h Switch to include the 802.11 headers, although without payload (WLAN only). Without this switch
    WLAN packets are captured in full (802.11 header and payload), and with the switch, then only
    the 802.11 headers are captured.

    -l Specifies the maximum size of the capture file. When the specified size is reached, LCOSCAP creates a new
    file. The files are sequentially numbered.

    -n Specifies the number of files produced by LCOSCAP. If the maximum number of files is reached,
    LCOSCAP overwrites the first file.


2.4 The first thing to find out is, which interfaces on the current device (here a LANCOM 1781AW) permit packet capture. To do this, enter following command:
    lcoscap -p PASSWORD 192.168.50.1
    ( PASSWORD is a placeholder that represents the main password of the LANCOM router )



2.5 For example, if you wish to capture data traffic on the first WLAN interface, you must enter following command:
    lcoscap -o output.pcap -i WLAN-1 -p PASSWORD 192.168.50.1



2.6 Data capture can be stopped using the key combination CTRL + C. The generated file with the extension *.pcap is stored in the LCOSCAP installation directory and can be opened with the software Wireshark.
    Information:
    • LCOScap via the command line is more efficient than in WebConfig, thus the chance that packages can not be recorded is lower.
    • LCOSCAP requires significantly fewer resources than a trace using the LCOS internal 'trace' command, because the packets are not analyzed any further, but simply written to the *.pcap file.



  • Keine Stichwörter