Chapter

Packet Capture (Pcap)

38

 

 

 

In this chapter

Configuring packet captures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1213

Configuring packet captures

Organizations can configure switches as sensors to capture packets through the embedded sFlow capability and send them back to the Management application, which acts as an sFlow collector. The Management application then converts the sFlow data to Pcap format, which is understood by a variety of open source products. The open source products can then provide valuable tools to detect and defend against network attacks.

NOTE

Snort® is the only Pcap-aware tool supported by the Management application. For more information, refer to “Snort message forwarding” on page 1166.

To configure packet captures (PCAP)-related properties, complete the following steps:

1.Select Configure > Packet Capture (Pcap).

The Configure Pcap dialog box, shown in Figure 506, displays.

FIGURE 506 Configure Pcap dialog box

2.Click the Convert sFlow to Pcap check box to convert sFlow data to PCAP-formatted packets.

3.Click the Enable Pcap check box to instruct the Management application to analyze the PCAP-formatted packets.

4.Enter a value required by your PCAP-aware tool in the Replay Switch text box. This parameter is used to send data to the PCAP-aware tool. The default value is -r.

5.Enter the full path of the command that will be invoked to launch the PCAP-aware tool into the Pcap Tool Location text box.

Brocade Network Advisor IP User Manual

1213

53-1003056-01

 

Page 1265
Image 1265
Brocade Communications Systems IP250 user manual Packet Capture Pcap, Configuring packet captures