Ethereal-users: Re: [Ethereal-users] Using Ethereal with 'cable intercept'

Note: This archive is from the project's previous web site, This list is no longer active.

From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Wed, 26 Nov 2003 09:40:58 -0600
Emre Bastuz wrote:

I´ve been trying to capture data from a Cisco cable backend with the
'cable intercept' feature.

When sniffing with Ethereal or TCPDump the data is written correctly
but when watching it in Ethereal I only can see the UDP flow that the
CMTS has sent to the sniffing box.

As far as I get it, the 'cable intercept' feature is supposed to capture
the data to and from a specific MAC address and send it to an ip via
UDP to a predefined port.

I´m kind of confused about this, so can please someone give a detailed
guide on how I can extract the intercepted users´ traffic from the gathered
UDP flow?

Try changing the port number in Edit->Preferences->PCLI to match the destination port number you're using for cable intercept.