- Table of Contents
-
- 20-Network Management and Monitoring Command Reference
- 00-Preface
- 01-System maintenance and debugging commands
- 02-NQA commands
- 03-SNMP commands
- 04-RMON commands
- 05-NETCONF commands
- 06-EAA commands
- 07-Process monitoring and maintenance commands
- 08-Flow log commands
- 09-Packet capture commands
- 10-Mirroring commands
- 11-Fast log output commands
- 12-UCC commands
- 13-SQA commands
- Related Documents
-
Title | Size | Download |
---|---|---|
09-Packet capture commands | 70.36 KB |
Packet capture commands
display packet-capture status
Use display packet-capture status to display local or remote packet capture status information.
Syntax
display packet-capture status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display local or remote packet capture status information.
<Sysname> display packet-capture status
AP name : ap1
Radio ID : 1
Radio mode : 802.11n(2.4GHz)
Channel : 1
Status : Capturing
File name : database.pcap
Username : 1
Password : ******
Table 1 Command output
Field |
Description |
Status |
Packet capture status. Only the Capturing status is supported in the current software version. |
Username |
Username for logging in to the remote FTP server. |
Password |
Password for logging in to the remote FTP server. Both passwords in encrypted form and in plaintext form are displayed as ******. If no password is required or configured, this filed displays N/A. |
packet-capture local ap
Use packet-capture local ap to capture incoming packets on an AP radio and save the captured packets to a file on an FTP server.
Syntax
packet-capture local ap ap-name radio radio-id [ monitor-mode channel channel-number ] [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write url url [ username username [ password { cipher | simple } string ] ]
Views
User view
Predefined user roles
network-admin
Parameters
ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Specifies a radio by its ID.
monitor-mode channel channel-number: Configures the capture on the radio to operate in monitor mode to capture packets from the specified channel in the WLAN. The value range for the channel-number argument depends on the region code and radio mode. If you do not specify this option, the capture operates in mirroring mode.
· In mirroring mode, the capture on the radio captures packets only from the radio. The radio provides WLAN services while the capture is capturing packets.
· In monitor mode, the capture on the radio captures packets transmitted in the specified channel in the WLAN. In this mode, the radio acts as a dedicated network monitor to scan the WLAN for devices and capture the matching packets sent by them in the specified channel. In this mode, the radio cannot provide WLAN services while the packet capture is operating. After the packet capture stops, the radio continues to provide WLAN services. Typically, you use this mode for troubleshooting purposes.
capture-filter capt-expression: Specifies an expression to match packets to be captured, a case-sensitive string of 1 to 256 characters. If you do not specify a capture filter expression, the device captures all incoming packets on an interface. For more information about configuring capture filter expressions, see packet capture configuration in Network Management and Monitoring Configuration Guide.
limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes.
autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.
autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.
write url url: Specifies the URL of the packet file to store captured packet data on an FTP server. The URL must be a case-sensitive string of 1 to 255 characters, and it cannot contain the at sign (@), the specified username, or the specified password. If you do not specify a URL, the captured packet data is not saved.
username username: Specifies the username for accessing the FTP server. The username must be a case-senstive string of 1 to 32 characters.
password: Specifies the password for accessing the FTP server.
cipher: Specifies the password in its encrypted form.
simple: Specifies the password in its plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
Usage guidelines
To stop the capture while it is capturing packets, use the packet-capture stop command.
If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached.
Follow these restrictions and guidelines to specify the URL, username, and password:
· The URL format is ftp://FTP server address:port number/file name, where the port number is optional, for example, ftp://192.168.1.1/test.cfg and ftp://192.168.1.1:21/test.cfg. If the server is configured with a port number, you must enter the port number in the URL.
· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]/test.cfg and ftp://[2001::1]:21/test.cfg.
· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
Do not set a short capturing duration in the autostop duration seconds option. If the duration is too short, the capture might stop when a user has not logged in to the FTP server. The captured packets cannot be saved because a packet file has not been created.
Examples
# Capture incoming packets on radio 1 of AP 1.
<Sysname> packet-capture local ap ap1 radio 1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1
Related commands
display packet-capture status
packet-capture stop
packet-capture local interface
Use packet-capture local interface to capture incoming packets on an interface and save the captured packets to a local file or to a remote file on an FTP server.
Syntax
packet-capture local interface interface-type interface-number [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write { filepath | url url [ username username [ password { cipher | simple } string ] ] }
Views
User view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an Ethernet interface by its type and number.
capture-filter capt-expression: Specifies an expression to match packets to be captured, a case-sensitive string of 1 to 256 characters. If you do not specify a capture filter expression, the device captures all incoming packets on an interface. For more information about configuring capture filter expressions, see packet capture configuration in Network Management and Monitoring Configuration Guide.
limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes.
autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.
autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.
write: Stores the captured packet data.
filepath: Specifies the full path of a local packet file to store captured packet data. The path must be a case-sensitive string of up to 64 characters. The filename extension must be .pcap. For more information about setting a file path, see file system management in Fundamentals Configuration Guide.
url url: Specifies the URL of a remote packet file on an FTP server to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.
username username: Specifies a username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.
password: Specifies a password for logging in to the FTP server.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
Usage guidelines
To stop the capture while it is capturing packets, use the packet-capture stop command.
If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached.
Follow these restrictions and guidelines to specify the URL, username, and password:
· The URL format is ftp://FTP server address:port number/file name, where the port number is optional, for example, ftp://192.168.1.1/test.cfg and ftp://192.168.1.1:21/test.cfg. If the server is configured with a port number, you must enter the port number in the URL.
· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]/test.cfg and ftp://[2001::1]:21/test.cfg.
· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
Do not set a short capturing duration in the autostop duration seconds option. If the duration is too short, the capture might stop when a user has not logged in to the FTP server. The captured packets cannot be saved because a packet file has not been created.
Examples
# Capture incoming packets and store the data in the database.pcap file on the FTP server at 10.1.1.1. The username and password for logging in to the FTP server are 1 and 1, respectively.
<Sysname> packet-capture local interface gigabitethernet 1/0/1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1
Related commands
display packet-capture status
packet-capture stop
packet-capture remote ap
Use packet-capture remote ap to capture incoming packets on an AP radio.
Syntax
packet-capture remote ap ap-name radio radio-id [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Specifies a radio by its ID.
port port: Specifies the RPCAP service port on the AP by its port number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.
Usage guidelines
After this command is executed, the client (such as Wireshark) connected to the RPCAP service port of the AP can obtain packets captured on the AP radio.
To stop the capture while it is capturing packets, use the packet-capture stop command.
Examples
# Capture incoming packets on radio 2 of AP 1 and specify the RPCAP service port number as 2014.
<Sysname> packet-capture remote ap ap1 radio 2 port 2014
Related commands
display packet-capture status
packet-capture stop
packet-capture remote interface
Use packet-capture remote interface to capture incoming packets on an interface.
Syntax
packet-capture remote interface interface-type interface-number [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an Ethernet interface by its type and number.
port port: Specifies the RPCAP service port by its number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.
Usage guidelines
After this command is executed, the client (such as Wireshark) connected to the AP can obtain packets captured on the specified interface.
To stop the capture while it is capturing packets, use the packet-capture stop command.
Examples
# Capture incoming packets on GigabitEthernet 1/0/1 and specify the RPCAP service port number as 2014.
<Sysname> packet-capture remote interface gigabitethernet 1/0/1 port 2014
Related commands
display packet-capture status
packet-capture stop
packet-capture stop
Use packet-capture stop to stop the local or remote packet capture.
Syntax
packet-capture stop
Views
User view
Predefined user roles
network-admin
Examples
# Stop the local or remote packet capture.
<Sysname> packet-capture stop
Related commands
packet-capture local ap
packet-capture remote ap