Chapter 5 Packet capture 105

limit the traffic that the filters capture

automatically start and stop packet capture with triggers

Note: The VPN Router does not provide tools for opening and viewing captured data. You must offload the PCAP files to view them.

Security features

Packet capture on the VPN Router provides the following features to enhance security:

Packet capture is disabled by default. You can enable packet capture using the CLI through the serial port only.

To enable packet capture, you must configure a separate capture password.

When you save a capture buffer to a file on disk, the file is encrypted. You must enter the capture password to decrypt PCAP files.

To open a capture file, you use a tool called openpcap that is shipped with VPN Router software. The tool is built for both 128-bit and 56-bit versions and uses the same cryptographic library that the server code uses. The openpcap tool prompts you for a password.

Packet capture configuration is not saved in LDAP or in the configuration file. When you reboot the VPN Router, the packet capture configuration is lost.

File format

Packets are stored in PCAP/TCPDUMP file format. Many tools recognize this file format. Packets are saved with the following additional information:

timestamp of the packet

length of the portion of the packet present in the PCAP file

length of the entire packet as it was received or sent on the wire
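The three per-packet fields listed above map directly onto the record header of the classic libpcap file layout. The following parser is an added example, not part of the Nortel manual or software; it assumes the file has already been decrypted with openpcap and uses the classic libpcap layout, and the name parse_pcap and the sample bytes are constructed for illustration. It flags packets whose stored length is shorter than their on-the-wire length.

```python
import struct

# Classic libpcap magic bytes -> (struct byte order, timestamp fractions per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanosecond timestamps
}

def parse_pcap(data):
    """Parse decrypted classic-pcap bytes; return (snaplen, linktype, records)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        # An undecrypted capture file will normally fail this check.
        raise ValueError("no pcap magic: file is not pcap or is still encrypted")
    order, frac = MAGICS[data[:4]]
    snaplen, linktype = struct.unpack(order + "II", data[16:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, sub, caplen, wirelen = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if caplen > len(data) - off:
            raise ValueError("record at offset %d claims more data than the file holds" % off)
        records.append({
            "ts": sec + sub / frac,         # timestamp of the packet
            "caplen": caplen,               # length of the portion present in the file
            "wirelen": wirelen,             # length of the entire packet on the wire
            "truncated": caplen < wirelen,  # payload was cut short at capture time
        })
        off += caplen
    return snaplen, linktype, records

# Constructed sample: global header (snaplen 64, link type 1) and two packets,
# the second captured as 64 bytes of a 1500-byte frame.
SAMPLE = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    + struct.pack("<IIII", 1000, 250000, 60, 60) + bytes(60)
    + struct.pack("<IIII", 1001, 500000, 64, 1500) + bytes(64)
)

if __name__ == "__main__":
    snaplen, linktype, recs = parse_pcap(SAMPLE)
    for r in recs:
        print(r["ts"], r["caplen"], r["wirelen"], "TRUNCATED" if r["truncated"] else "full")
```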

Nortel VPN Router Troubleshooting

Nortel Networks NN46110-602 manual File format, Security features