SSL Visibility taking Packet captures with Cygwin

Article ID: 169217

Products

SSL Visibility Appliance Software

Issue/Introduction

This article describes the procedure for taking packet captures on the SSL Visibility appliance and then downloading them using Cygwin.

Cause

Using Cygwin avoids running pscp.exe and dealing with the user and folder permissions.
In addition, this article shows how to use capture filters and select the interfaces to capture on.

Resolution

Steps for downloading the captures:

  1. Download and install Cygwin following this article:
    https://support.symantec.com/en_US/article.TECH245963.html

  2. Open a CLI connection to the SSL Visibility appliance, then type:

> capture reset
> capture select 1 2 3 4 (interfaces for taking the capture)
> capture filter src-ip xx.xxx.xx.xx (host IP) dst-ip yy.yyy.yy.yy (destination IP)
* Setting the filter is optional; to capture all traffic, omit the filter line. *
> capture start
After allowing the required time, enter:
> capture stop

  3. When done, a line similar to the following displays:

Capture file available via scp
Linux/Mac: scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz
Windows: pscp.exe -scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz

  4. Copy the Linux line:

scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz

  • Change "<user>" to the username, for example: sysadmin
  • Change "<appliance>" to the IP address of the device, for example: xx.xxx.xx.xx

In this example it will be:
scp sysadmin@xx.xxx.xx.xx:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz

  5. Paste the line at the Cygwin prompt, enter the user password, and press Enter.

  6. Then open the Cygwin home folder (by default cygwin64\home\User), where you will find the pcap file.
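
The copy-and-edit step above can be scripted at the Cygwin prompt. The following shell functions are an added example, not part of the original article or the product. The function names and the 192.0.2.10 address are assumptions, and the accepted file-name pattern is inferred from the article's sample output.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Sample hint line copied from the article's example output.
SAMPLE_HINT='Linux/Mac: scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz'

# Print the archive name from the hint line. Accepts only
# pcap_<14 digits>_<14 digits>.tar.gz (the shape of the article's sample name)
# with identical source and destination names, so a mangled paste is rejected.
capture_name() (
  name=$(printf '%s\n' "$1" | tr -d '\r' | sed -n \
    's/^Linux\/Mac: scp <user>@<appliance>:\(pcap_[0-9]\{14\}_[0-9]\{14\}\.tar\.gz\) \1$/\1/p')
  [ -n "$name" ] && printf '%s\n' "$name"
)

# Print the scp command with <user> and <appliance> filled in.
# A leading "-" in the user is refused because scp would parse it as an option.
build_scp_cmd() (
  name=$(capture_name "$1") || { echo "unexpected hint line" >&2; exit 1; }
  case $2 in ''|-*|*[!A-Za-z0-9._-]*) echo "bad user" >&2; exit 1;; esac
  case $3 in ''|*[!A-Za-z0-9.-]*) echo "bad appliance address" >&2; exit 1;; esac
  printf 'scp %s@%s:%s %s\n' "$2" "$3" "$name" "$name"
)

# Download into the current directory with a restrictive umask, then record a
# SHA-256 of the archive and list its members without extracting them.
fetch_capture() (
  cmd=$(build_scp_cmd "$@") || exit 1
  name=${cmd##* }
  umask 077
  scp "$2@$3:$name" "$name" || exit 1
  sha256sum "$name" > "$name.sha256"
  tar -tzf "$name"
)

# Usage (192.0.2.10 is a constructed documentation address):
#   fetch_capture "$SAMPLE_HINT" sysadmin 192.0.2.10
```

The restrictive umask keeps the downloaded capture readable only by the current user, and the recorded hash lets a later recipient confirm the archive was not altered after download.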
