Capture PCAP files?

  • Question
  • Updated 8 years ago
  • Answered
How can I capture PCAP files to upload to the LANGuardian PCAP sensor?
NetFort


Posted 8 years ago

NetFort
Official Response
There are a number of ways to capture network traffic in the form of PCAP files for use with the LANGuardian sensor. Popular tools would be Wireshark and the UNIX tcpdump command. The LANGuardian will also accept traffic captures from Fluke meters.

For example, to set up and use the Windows-based Wireshark tool, download the Wireshark application, which is a very effective and easy-to-use tool for capturing PCAP files of network traffic.

You will find it at http://www.wireshark.org/

In the tool there is a Capture section, under which there will be a list of network adapters found on your PC/laptop. To start capturing traffic, simply click on the interface on which you should see the traffic of interest, and the capture will begin. To stop the capture, select Stop under the Capture menu. Keep the capture file under 500M, as this is the file size limit for the LANGuardian utility.

To save the capture file, use File -> Save As.

On the LANGuardian, under Administration -> Sensors, you will find a PCAP sensor listed. One of the options for a PCAP sensor is PCAP File Upload. Click on this option and use the Upload File option to add the PCAP file to the LANGuardian sensor. Once the file is uploaded, click Process to add this traffic to the database and allow reports to be run on it.
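
A pre-upload check for the saved capture, as an added example that is not part of the original answer or NetFort's own code: it reads the capture's file header, counts packet records, flags a file cut off mid-record, and compares the size with the 500M limit mentioned above. The names `check_capture` and `write_sample` are hypothetical, "500M" is assumed to mean 500 * 1024 * 1024 bytes, and pcapng files are only identified, not parsed.

```python
import os
import struct
import tempfile

# Assumption: the page's "500M" is read as 500 * 1024 * 1024 bytes.
SIZE_LIMIT = 500 * 1024 * 1024
# First 4 bytes of a classic pcap file -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block

def check_capture(path, size_limit=SIZE_LIMIT):
    """Report format, size, packet count and truncation for a capture file."""
    size = os.path.getsize(path)
    res = {"format": "unknown", "size": size, "packets": 0,
           "truncated": False, "within_limit": size < size_limit}
    with open(path, "rb") as fh:
        magic = fh.read(4)
        if magic == PCAPNG_MAGIC:
            res["format"] = "pcapng"  # identified only; blocks are not walked
            return res
        if magic not in MAGICS:
            return res
        res["format"], endian = "pcap", MAGICS[magic]
        res["truncated"] = size < 24  # the global header is 24 bytes
        fh.seek(24)
        while fh.tell() < size:
            hdr = fh.read(16)  # ts_sec, ts_frac, incl_len, orig_len
            if len(hdr) < 16:
                res["truncated"] = True
                break
            incl_len = struct.unpack(endian + "IIII", hdr)[2]
            if fh.tell() + incl_len > size:  # record runs past end of file
                res["truncated"] = True
                break
            fh.seek(incl_len, os.SEEK_CUR)
            res["packets"] += 1
    return res

def write_sample(path, packets=(b"\x00" * 60, b"\x01" * 42)):
    """Write a constructed little-endian pcap (two dummy frames) for the demo."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, data in enumerate(packets):
            fh.write(struct.pack("<IIII", i, 0, len(data), len(data)) + data)

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "sample.pcap")
    write_sample(sample); print(check_capture(sample))
```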