EDM01-36v10 DAG_9.2X2_Card_User_Guide - Using your DAG card
©2010 - 2012 Endace Technology Ltd. Confidential - Version 10 - May 2012 47
Using third party applications
Once the captured data is in Pcap format you can use third party applications to examine and process the
data. The third party applications include:
• Wireshark /Tshark (formerly Ethereal /Tethereal)
• TCPDump
• Libpcap
• SNORT
• Winpcap, etc.
For further details refer to
EDM04-21 Libpcap and Third party applications
.
Wireshark/Tshark can also read ERF formatted data directly. This provides more information than
converting to pcap format.
Transmitting captured data
To transmit data out of the DAG 9.2X2 you can used either the DAG API or dagflood.
Configuration
To configure the DAG 9.2X2 card for transmission, you must allocate some memory to a transmit stream.
For details on how to allocate memory see the dagconfig mem (page 29
) token and refer to
EDM04-03
dagflood User Manual
.
You can capture packets at the same time as transmitting packets, using DAG capture tools such as
dagsnap, dagconvert, and dagbits.
You cannot change the stream memory allocations while packet capture or transmission is in progress.
Explicit packet transmission
The operating system does not recognize the DAG 9.2X2 card as a network interface and will not respond
to ARP, ping, or router discovery protocols.
The DAG 9.2X2 card will only transmit packets that are explicitly provided by the user. This allows you to
use the DAG 9.2X2 card as a simple traffic load generator.
You can also use it to retransmit previously recorded packet traces. The packet trace can be either
• transmitted as fast as possible.
• transmitted with the original time intervals between packets (Timed Release TERF (TR-TERF))
• transmitted with the original time intervals between packets and with a specific start time (Triggered
Timed Release TERF (TR-TERF)).
For further details, refer to
EDM04-03 dagflood User Manual
.
To Next Page
Loading...