command for local packet capture on x460 v16

  • Question
  • Updated 2 years ago
  • Answered

Kaon Thana


Posted 2 years ago


Stephen Williams, Employee

It does.  But the command is hidden and you can't tab through it.

Kaon Thana

I see thanks. I tried this:

debug packet capture ports 48 on print-to-console

And got no result. How can I view the packets on a specific port?

Stephen Williams, Employee

debug packet capture ports 48 on print-to-console

Make sure you're on console.

Stephen Williams, Employee

This is better.  "debug packet capture ports 48 on count 100 file-name pcap_capture"

It captures 100 packets and places them in a .pcap file called pcap_capture.pcap in /usr/local/tmp on the switch.


ls /usr/local/tmp

Kaon Thana

Thanks! Is there a built-in command to view the file without using TFTP to upload it somewhere?

'cat' doesn't work

Edward Tsui, Employee

As far as I know, there is no built-in tool to view the content. All you need is to TFTP it somewhere and open it with Wireshark.

Stephen Williams, Employee

You have to upload it to a TFTP server. If you have Console access you can use my first command. It will display the packets to the console.

David Coglianese, Embassador

I am not sure what started the debate around our office, but I am hoping someone can clear it up.

Does this packet capture method capture all traffic or just traffic that hits the CPU? I see that ingress and egress have to be captured separately, but will we see all ingress or egress traffic?

Thanks, 

Erik Auerswald, Embassador

Hi David,

that is a good question, I do not know the answer either. If I remember correctly, older EXOS versions (15.1, 15.3) allowed capture of traffic hitting the CPU only. The interface name used for this contained "bcm", I think.

The GTAC Knowledge article mentioned above pertains to EXOS 15.4 and later and uses EXOS front-port names.

Looking forward to an authoritative answer. :-)

Erik

BTW there is an article to capture management port traffic as well: How do i take a packet capture of the management port?

Stephen Williams, Employee

I was told when you start capturing on a port with "debug packet" an internal ACL is created to kick the port traffic to CPU, and it's captured from the CPU.

Kaon Thana

When I ran the above "debug packet capture" command I was not able to see traffic like pings/udp going through the port. I only saw this traffic after I enabled a port mirror to another server on the switch.
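
Added example, not part of the original thread or any poster's code: once the .pcap file has been copied off the switch, this Python script tallies frames per protocol, which is a quick way to check whether transit traffic such as pings or UDP actually made it into the capture. It assumes the file is in classic libpcap format (not pcapng) with Ethernet link type; the sample frames in `build_sample` are constructed for illustration.

```python
import struct
import sys
from collections import Counter

ETHERTYPES = {0x0806: "ARP", 0x86DD: "IPv6", 0x88CC: "LLDP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame: bytes) -> str:
    """Label one Ethernet frame, skipping a single 802.1Q tag if present."""
    if len(frame) < 14:
        return "short"
    ethertype, pos = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:
        ethertype, pos = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype == 0x0800 and len(frame) >= pos + 20:
        return IP_PROTOS.get(frame[pos + 9], "IPv4 other")  # byte 9 = protocol
    return ETHERTYPES.get(ethertype, f"ethertype 0x{ethertype:04x}")

def summarize_pcap(data: bytes) -> Counter:
    """Count frames per protocol in a classic libpcap file (not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, offset = Counter(), 24
    while offset + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        frame = data[offset + 16:offset + 16 + caplen]
        if len(frame) < caplen:  # file cut off mid-record, e.g. partial transfer
            counts["truncated"] += 1
            break
        counts[classify(frame)] += 1
        offset += 16 + caplen
    return counts

def build_sample() -> bytes:
    """Constructed capture: one ARP, one ICMP, one VLAN-tagged UDP frame."""
    ip = lambda proto: bytes([0x45]) + bytes(8) + bytes([proto]) + bytes(10)
    frames = [bytes(12) + b"\x08\x06" + bytes(28),
              bytes(12) + b"\x08\x00" + ip(1),
              bytes(12) + b"\x81\x00\x00\x30" + b"\x08\x00" + ip(17)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for label, n in summarize_pcap(raw).most_common():
        print(f"{n:6d}  {label}")
```

Run it with the path of the transferred capture file as the only argument; with no argument it summarizes the constructed sample.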