How can captured packets be save as Wireshark compatible files via "tcpdump" command in the SBG3300?

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034  Zyxel Employee
First Anniversary Friend Collector First Answer First Comment
edited June 2022 in Maintenance

Step 1 Establish a Telnet connection to the SBG3300. The default IP address is 192.168.1.1. Use the “admin” account to access the SBG that can do the packet capture. 

 

Step 2 Enter the command "sh".

 

Step 3 Enter command “tcpdump -i ‘interface name’ -w /var/tmp/’file name’”.

In this example, the goal is to capture packets in the br0 interface and save them into file name test001. Therefore, the command entered is “tcpdump –i br0 -w /var/tmp/test001". When the command is entered, packets in this interface are recorded.

Note: Use "ifconfig" command to check the interface name. 

 

Step 4 Once the packet capture is finished, press “ctrl-c” to stop the capture session.

 

Step 5 Access the corresponding folder where the packet capture file is saved. Enter the command “cd /var/tmp” to access the folder.

 

Step 6 Check whether the packet capture file is in the folder. Enter the “ls” command to check.

 

Step 7 Start the Filezilla application. Enter the IP addressusername and password to access SBG3300. In the remote side, enter the corresponding path where the packet capture file is saved, which is /var/tmp/ in this example. The file test001 is in the folder. 

 

Step 8 Select a specific folder at the local side where the packet capture file will be saved. Right-click on the packet capture file and select “Download”. 

 

Step 9 After the file is downloaded, change the file name in order to make it compatible with Wireshark. Add “.pcapng” following the original file name.

 

Step 10 The file should now be Wireshark compatible. 

 

Verification

Open the file in Wireshark and check the captured packets.