nmcap CDP packet

  • Question

  • I would like to figure out the equivalent nmcap or netmon command line to the following, which I can do with tcpdump.
    I am trying to capture a single CDP packet to a text file.

    tcpdump -nn -v -s 1500 -i 5 -c 1 ether[20:2] == 0x2000

    I am not able to get it, as I think my syntax is not translating properly.
    Thank you very much.  

    rismoney

    Saturday, February 6, 2010 10:12 PM

Answers

  • You might be able to use the ContainsBin plugin to search for your data.  For instance you can create a filter like this

    ContainsBin(FrameData, ASCII, "YourText")

    This will return any frame with the text you are searching for.  You can also search for Unicode and Hex data.  See the standard filter for "Search Frame" in the UI or our Help for more details.

    If this doesn't work, let me know and I might be able to help you further.

    Thanks,

    Paul
    • Marked as answer by Paul E Long Thursday, July 1, 2010 4:04 PM
    Tuesday, February 16, 2010 7:42 PM

All replies

  • Got it-

    nmcap /network * /DisableLocalOnly /capture SNAP.EtherType == 0x2000 /stopwhen /frame /file test.cap

    Now I wish I could get it to output in a txt format instead of .cap
    Sunday, February 7, 2010 2:00 AM
  • To get text output, you would probably have to use the NMAPI to dump it in some kind of text format.  I'm not sure what kind of text output you are looking for, but you could use the UI and Copy the summary lines to a clipboard and then save that to a text file or Excel.  You can also add columns for other data you might be interested in.

    If you let me know why you want text output, that might help provide another workaround or at least understand your scenario for future versions of Network Monitor.

    Thanks,

    Paul

    Tuesday, February 9, 2010 6:28 PM
  • What I was previously doing with the tcpdump from microolap is extract the CDP packet.  This packet contains the switch name and the port it's plugged into.  I parse this out using string manipulation, currently with DOS for loops, grep, findstr, etc.  The issue I currently have with tcpdump is that I need to specify adapters on a multihomed box by GUID, which is difficult to ascertain from captions programmatically within Teamed Interfaces.

    I switched back to looking at netmon/nmcap because of its ability to specify adapters w/ wildcard names.

    Rich


    Wednesday, February 10, 2010 11:54 PM
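
Added example, not part of the original thread and not Network Monitor code: a Python parser that turns one raw CDP frame into the switch name and port as text, which is the output the post above extracts with string manipulation. It assumes the frame bytes have already been pulled out of the capture; the sample frame, switch name and port are constructed.

```python
import struct

CDP_MAC = bytes.fromhex("01000ccccccc")       # CDP multicast destination
SNAP_CISCO = bytes.fromhex("aaaa0300000c")    # LLC AA-AA-03 + Cisco OUI 00-00-0C
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id"}

def parse_cdp(frame: bytes) -> dict:
    """Return CDP version, TTL and the Device-ID / Port-ID strings from a raw 802.3 frame."""
    if len(frame) < 26:
        raise ValueError("frame too short for 802.3 + SNAP + CDP header")
    # Bytes 14-19 are LLC/SNAP; bytes 20-21 are the SNAP protocol ID that
    # `ether[20:2] == 0x2000` and `SNAP.EtherType == 0x2000` both test.
    if frame[14:20] != SNAP_CISCO or frame[20:22] != b"\x20\x00":
        raise ValueError("not a CDP frame")
    # The 802.3 length field counts the bytes after it; use it to drop Ethernet padding.
    (llc_len,) = struct.unpack("!H", frame[12:14])
    end = min(len(frame), 14 + llc_len)
    out = {"version": frame[22], "ttl": frame[23]}  # bytes 24-25: checksum, not verified here
    pos = 26
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        # The length covers the 4-byte TLV header; reject values that would loop or overrun.
        if tlv_len < 4 or pos + tlv_len > end:
            raise ValueError(f"malformed TLV at offset {pos}")
        name = TLV_NAMES.get(tlv_type)
        if name:
            out[name] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len
    return out

def build_sample() -> bytes:
    """Constructed sample frame (made-up switch name and port, checksum left as zero)."""
    def tlv(t, v):
        return struct.pack("!HH", t, len(v) + 4) + v
    cdp = bytes([2, 180]) + b"\x00\x00" + tlv(1, b"lab-switch-01") + tlv(3, b"GigabitEthernet0/12")
    payload = SNAP_CISCO + b"\x20\x00" + cdp
    src = bytes.fromhex("020000000001")
    return CDP_MAC + src + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    info = parse_cdp(build_sample())
    print(f"{info['device_id']} {info['port_id']}")
```

The TLV length check matters because the frame comes off the wire from an unauthenticated neighbor: a length below 4 would otherwise stall the loop, and an oversized one would read past the frame.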
  • You might be able to use the ContainsBin plugin to search for your data.  For instance you can create a filter like this

    ContainsBin(FrameData, ASCII, "YourText")

    This will return any frame with the text you are searching for.  You can also search for Unicode and Hex data.  See the standard filter for "Search Frame" in the UI or our Help for more details.

    If this doesn't work, let me know and I might be able to help you further.

    Thanks,

    Paul

    WOW, Really nice answer! It helps me a lot. Thank you very much.
    Sunday, July 25, 2010 1:02 AM