Login
- Table of Contents
-
- 17-Network Management and Monitoring Command Reference
- 00-Preface
- 01-System maintenance and debugging commands
- 02-NQA commands
- 03-NTP commands
- 04-EAA commands
- 05-Process monitoring and maintenance commands
- 06-NETCONF commands
- 07-CWMP commands
- 08-Information center commands
- 09-SNMP commands
- 10-RMON commands
- 11-Flow log commands
- 12-Fast log output commands
- 13-Packet capture commands
- 14-NetStream commands
- 15-Mirroring commands
- 16-Event MIB commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-Packet capture commands | 62.02 KB |
Packet capture commands
display packet-capture status
Use display packet-capture status to display packet capture settings and status information.
Syntax
display packet-capture status
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Examples
# Display packet capture settings and status information.
<Sysname> display packet-capture status
Capture status: Started
Filter: ACL 3000
Interface GigabitEthernet 1/0/1
Table 1 Command output
|
Field |
Description |
|
Capture status |
Packet capture status: · Started—Packet capture is started. · Stopped—Packet capture is stopped. · Saving—The device is saving captured packets to a file. |
|
Filter |
Filtering settings: · ACL—Captures packets permitted by an advanced ACL. · ACL IPv6—Captures packets permitted by an IPv6 advanced ACL. · Interface—Captures packets received or sent by an interface. If packet capture is not started, the command does not display this field. |
Related commands
packet-capture start
packet-capture stop
packet-capture max-bytes
Use packet-capture max-bytes to set the maximum packet size for a packet capture record.
Use undo packet-capture max-bytes to restore the default.
Syntax
packet-capture max-bytes bytes
undo packet-capture max-bytes
Default
The maximum packet size is 1600 bytes for a packet capture record.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
bytes: Specifies the maximum packet size for a packet capture record in bytes. The value range is 512 to 4096.
Usage guidelines
The device captures only the specified maximum number of bytes from a packet. The remaining part of the packet is ignored. To capture all bytes of packets, make sure the maximum packet size for a packet capture record is equal to or greater than the interface MTU.
You can configure packet capture parameters only when packet capture is not started.
Examples
# Set the maximum packet size to 1500 bytes for a packet capture record.
<Sysname> system-view
[Sysname] packet-capture max-bytes 1500
packet-capture max-file-packets
Use packet-capture max-file-packets to set the maximum number of packet capture records for a file.
Use undo packet-capture max-file-packets to restore the default.
Syntax
packet-capture max-file-packets number
undo packet-capture max-file-packets
Default
The maximum number of packet capture records for a file is 100.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies the maximum number of packet capture records for a file. The value range is 100 to 1000.
Usage guidelines
The system first saves packet capture records to memory. After the maximum number of packet capture records for a file is reached, the system saves the records to a file and clears the records in memory.
A greater value for this argument requires more memory space. If the available memory space is limited, decrease the value.
You can configure packet capture parameters only when packet capture is not started.
Examples
# Set the maximum number of packet capture records for a file to 500.
<Sysname> system-view
[Sysname] packet-capture max-file-packets 500
packet-capture start
Use packet-capture start to start packet capture.
Syntax
packet-capture start [ acl { acl-number | ipv6 acl-number } | interface interface-type interface-number ] *
Default
Packet capture is not started.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
acl: Captures packets permitted by an advanced ACL.
acl-number: Specifies an IPv4 advanced ACL by its number in the range of 3000 to 3900.
ipv6 acl-number: Specifies an IPv6 advanced ACL by its number in the range of 3000 to 3900.
interface interface-type interface-number: Captures packets received or sent by an interface.
Usage guidelines
Start packet capture only when necessary. Packet capture affects device performance.
To save .cap files on the device, back up existing .cap files on the device before starting packet capture. The system automatically deletes existing .cap files in the same .cap file directory after you start packet capture.
If you do not specify any options, the device captures all received and sent packets.
On a non-default context, you cannot start packet capture on a shared interface.
Examples
# Start packet capture. Use ACL 3000 to identify the packets to be captured.
<Sysname> system-view
[Sysname] packet-capture start acl 3000
The operation will delete .cap files in storage path,continue?[y/n]
packet-capture stop
Use packet-capture stop to stop packet capture.
Syntax
packet-capture stop [ immediately ]
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
immediately: Stops packet capture and captured-packet saving. If you do not specify this keyword, the device saves captured packets to a file before stopping packet capture.
Usage guidelines
Saving packet capture records to a file takes time. The packet-capture stop command without the immediately keyword saves all packet capture records to a file before stopping packet capture. If you do not want to use the packet capture records in memory, execute the packet-capture stop immediately command.
Examples
# Stop packet capture.
<Sysname> system-view
[Sysname] packet-capture stop
# Stop packet capture immediately.
<Sysname> system-view
[Sysname] packet-capture stop immediately
packet-capture storage
Use packet-capture storage to specify the storage directory for the .cap files.
Use undo packet-capture storage to restore the default.
Syntax
packet-capture storage { local [ limit limit-space ] | remote serverpath [ vpn-instance vpn-instance-name ] [ user username [ password { cipher | simple } string ] ] }
undo packet-capture storage
Default
The storage directory is the pcap directory of the default file system on the master.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
local: Saves the .cap files on the device.
limit limit-space: Specifies the maximum storage space for .cap files in KB. The value range is 1024 to 10240. The default is 4096. After the maximum storage space is reached, the system stops capturing packets.
remote: Saves the .cap files to a remote file server.
serverpath: Specifies a directory on an FTP or TFTP server, a case-sensitive string of up to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), colons (:), forward slashes (/), and dots (.).
vpn-instance vpn-instance-name: Specifies the VPN instance to which the FTP or TFTP server belongs. The vpn-instance-name argument specifies the VPN instance name, a case-sensitive string of 1 to 31 characters. If the FTP or TFTP server belongs to the public network, do not specify this option.
user username: Specifies the username used to access the FTP server, a case-sensitive string of up to 255 characters. It cannot contain forward slashes (/), backward slashes (\), vertical bars (|), colons (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), or at signs (@). This option is required if an FTP server is used to save the .cap files.
password: Specifies the password used to access the FTP server.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password string, case sensitive. A password in encrypted form can have up to 255 characters. A password in plaintext form can have up to 373 characters.
Usage guidelines
The storage space of the storage media on the device is limited. As a best practice, use a remote file server to save the .cap files.
You can configure packet capture parameters only when packet capture is not started.
Examples
# Set the storage directory for the .cap files to ftp://1.1.1.2. Specify the username and password for accessing the FTP server
<Sysname> system-view
[Sysname] packet-capture storage remote ftp://1.1.1.2 user user123 password simple 123
