ExtremeSwitching (EXOS)

 View Only
Expand all | Collapse all

command for local packet capture on x460 v16

  • 1.  command for local packet capture on x460 v16

    Posted 10-24-2016 18:48

    Found this article but this command doesnt exist:
    https://extremeportal.force.com/ExtrArticleDetail?an=000082238



  • 2.  RE: command for local packet capture on x460 v16

    Posted 10-24-2016 18:54
    It does. But the command is hidden and you can't tab through it.


  • 3.  RE: command for local packet capture on x460 v16

    Posted 10-24-2016 19:01
    I see thanks. I tried this:

    debug packet capture ports 48 on print-to-console

    And got no result. How can I view the packets on a specific port?


  • 4.  RE: command for local packet capture on x460 v16

    Posted 10-24-2016 19:04
    debug packet capture ports 48 on print-to-console Make sure your on console.



  • 5.  RE: command for local packet capture on x460 v16

    Posted 10-24-2016 19:09
    This is better. "debug packet capture ports 48 on count 100 file-name pcap_capture"

    It captures 100 packets and places them in a .pcap file called pcap_capture.pcap in /usr/local/tmp on the switch.

    ls /usr/local/tmp



  • 6.  RE: command for local packet capture on x460 v16

    Posted 10-24-2016 19:15
    Thanks! Is there a built in command to view the file without using TFTP to upload it somewhere?

    'cat' doesn't work


  • 7.  RE: command for local packet capture on x460 v16

    Posted 10-25-2016 00:27
    As far as I know, there is no built-in tool to view the content, all you need is to TFTP it to somewhere and open with wireshark


  • 8.  RE: command for local packet capture on x460 v16

    Posted 10-25-2016 00:31
    You have to upload it to a TFTP server. If you have Console access you can use my first command. It will display the packets to the console.


  • 9.  RE: command for local packet capture on x460 v16

    Posted 10-26-2016 11:15
    I am not sure what started the debate around our office, but I am hoping someone can clear it up.

    Does this packet capture method capture all traffic or just traffic that hits the cpu? I see that ingress and egress have to be captured separately, but will we see all ingress or egress traffic?

    Thanks,


  • 10.  RE: command for local packet capture on x460 v16

    Posted 10-26-2016 11:43

    Hi David,

    that is a good question, I do not know the answer either. If I remember correctly, older EXOS versions (15.1, 15.3) allowed capture of traffic hitting the CPU only. The interface name used for this contained "bcm", I think.

    The GTAC Knowledge article mentioned above pertains to EXOS 15.4 and later and uses EXOS front-port names.

    Looking forward to an authoritative answer. :-)

    Erik

    BTW there is an article to capture management port traffic as well: How do i take a packet capture of the management port?



  • 11.  RE: command for local packet capture on x460 v16

    Posted 10-26-2016 13:45
    I was told when you start capturing on a port with "debug packet" an internal ACL is created to kick the port traffic to CPU, and it's captured from the CPU.


  • 12.  RE: command for local packet capture on x460 v16

    Posted 10-26-2016 14:23
    When I ran the above "debug packet capture" command I was not able to see traffic like pings/udp going through the port. I only saw this traffic after I enabled a port mirror to another server on the switch.