How do I take a packet capture with LANGuardian

  • Question
  • Updated 7 years ago
  • Answered
We need to take a packet capture to send to a 3rd party re a server problem.

IT-help


Posted 7 years ago


Aisling Brennan, Official Rep

LANGuardian systems include a facility to run tcpdump and save full packet capture output to a file. The file can then be downloaded for further analysis. This facility is not yet available on LAN probe systems.
  • You require the use of any Telnet/SSH client; a useful one is PuTTY, which can be downloaded here.
tcpdump is accessed via a LANGuardian shell account, known as lguser.
  • To access the lguser shell account, you first have to enable it by setting the account password via the web GUI.
  • See this page (https://x.x.x.x/sysadm/lguser.cgi). (This requires LANGuardian 12.4 or later.)



Once the password is set, access the lguser account as follows:
# ssh lguser@[languardianip]

where languardianip is the IP address of your LANGuardian system.

Then run tcpdump as normal:

e.g.: # tcpdump -ni eth1 -s100 -c1000 -w jason_test.cap host 192.168.127.8 and tcp

Process shown here:



Copy the saved packet capture from LANGuardian using WinSCP to SCP the file:



Now select your newly created tcpdump file and drag it across to your own file system:

(Edited)
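
A check that can be run on the downloaded file before it goes to the third party, as an added example that is not part of the original answer or of LANGuardian: it reads the pcap header that tcpdump -w writes and reports the snap length, the packet count and how many frames were cut short by -s100. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Magic numbers of the classic pcap file format, mapped to struct byte order.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def summarize_pcap(data: bytes) -> dict:
    """Walk a pcap byte string; report snaplen, packet and truncation counts."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (wrong format or damaged copy)")
    end = MAGICS[data[:4]]
    # Global header after the magic: version, timezone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        end + "HHiIII", data[4:24])
    packets = truncated = 0
    offset, complete = 24, True
    while offset < len(data):
        if offset + 16 > len(data):
            complete = False              # record header cut off
            break
        _sec, _frac, caplen, origlen = struct.unpack(
            end + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            complete = False              # packet body cut off (incomplete copy)
            break
        packets += 1
        truncated += caplen < origlen     # frame was longer than what -s kept
        offset += 16 + caplen
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "complete": complete}

def constructed_sample() -> bytes:
    """Constructed capture: snaplen 100, a 60-byte frame and a 1514-byte frame cut to 100."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 100, 1)
    small = struct.pack("<IIII", 1, 0, 60, 60) + bytes(60)
    large = struct.pack("<IIII", 2, 0, 100, 1514) + bytes(100)
    return header + small + large

if __name__ == "__main__":
    import sys
    # Pass the downloaded .cap file as an argument; otherwise use the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print(summarize_pcap(raw))
```

A non-zero "truncated" count means those frames carry only their first 100 bytes, so the recipient sees headers but little or no payload; "complete": False means the file ends mid-record and should be copied again.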