Header Only - DO NOT REMOVE - Extreme Networks

command for local packet capture on x460 v16


Found this article but this command doesnt exist:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-perform-a-local-packet-capture-on-a...

11 replies

Userlevel 6
It does. But the command is hidden and you can't tab through it.
I see thanks. I tried this:

debug packet capture ports 48 on print-to-console

And got no result. How can I view the packets on a specific port?
Userlevel 6
debug packet capture ports 48 on print-to-console Make sure your on console.
Userlevel 6
This is better. "debug packet capture ports 48 on count 100 file-name pcap_capture"

It captures 100 packets and places them in a .pcap file called pcap_capture.pcap in /usr/local/tmp on the switch.

ls /usr/local/tmp
Thanks! Is there a built in command to view the file without using TFTP to upload it somewhere?

'cat' doesn't work
Userlevel 2
As far as I know, there is no built-in tool to view the content, all you need is to TFTP it to somewhere and open with wireshark
Userlevel 6
You have to upload it to a TFTP server. If you have Console access you can use my first command. It will display the packets to the console.
I am not sure what started the debate around our office, but I am hoping someone can clear it up.

Does this packet capture method capture all traffic or just traffic that hits the cpu? I see that ingress and egress have to be captured separately, but will we see all ingress or egress traffic?

Thanks,
Userlevel 7
Hi David,

that is a good question, I do not know the answer either. If I remember correctly, older EXOS versions (15.1, 15.3) allowed capture of traffic hitting the CPU only. The interface name used for this contained "bcm", I think.

The GTAC Knowledge article mentioned above pertains to EXOS 15.4 and later and uses EXOS front-port names.

Looking forward to an authoritative answer. 🙂

Erik

BTW there is an article to capture management port traffic as well: How do i take a packet capture of the management port?
Userlevel 6
I was told when you start capturing on a port with "debug packet" an internal ACL is created to kick the port traffic to CPU, and it's captured from the CPU.
When I ran the above "debug packet capture" command I was not able to see traffic like pings/udp going through the port. I only saw this traffic after I enabled a port mirror to another server on the switch.

Reply