Configuring packet capture
About packet capture
The packet capture feature captures incoming and outgoing packets, generates packet capture records, and saves the records to a .cap file. The file can reside on the device or a remote file server. You can use a packet analyzer such as Wireshark to view the file for traffic analysis.
The minimum packet capture unit is a packet. The packet capture process is as follows:
1. The device captures a specific number of bytes from a packet and generates a packet capture record, ignoring the remaining part of the packet (if any).
2. The device saves the packet capture record in memory.
3. When the maximum number of packet capture records for a file is reached, the device saves the records to a file and clears the records in memory.
Restrictions and guidelines: Packet capture configuration
Start packet capture only when necessary. Packet capture affects device performance.
Only one packet capture process can run on the device.
You can configure packet capture parameters only when packet capture is not started.
If packet capture saves .cap files on the device, back up the .cap files on the device as required after you finish packet capture. Starting packet capture again deletes the existing .cap files.
Packet capture is supported only for the default context and non-default contexts that use their own respective interfaces. It is not supported on shared interfaces of a non-default context. For more information about contexts, see context configuration in Virtual Technologies Configuration Guide.
Packet capture tasks at a glance
To configure packet capture, perform the following tasks:
1. Configuring packet capture settings
Configuring packet capture settings
1. Enter system view.
system-view
2. Set the maximum packet size for a packet capture record.
packet-capture max-bytes bytes
By default, the maximum packet size is 1600 bytes for a packet capture record.
To capture all bytes of packets, make sure the maximum packet size for a packet capture record is equal to or greater than the interface MTU.
3. Set the maximum number of packet capture records for a file.
packet-capture max-file-packets number
By default, the maximum number of packet capture records is 100 for a file.
4. Specify the storage directory for the .cap files.
packet-capture storage { local [ limit limit-space ] | remote serverpath [ vpn-instance vpn-instance-name ] [ user username [ password { cipher | simple } string ] ] }
The default storage directory is the pcap directory of the default file system on the master.
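When a .cap file comes back for analysis, the effect of the max-bytes setting can be checked from the file itself. The following is an added example, not part of the vendor guide: it assumes the .cap file is in the classic libpcap format (the guide only says Wireshark can open it), where each record header carries both the captured length and the original packet length. The function names and the sample data are constructed for illustration.

```python
import struct

# Classic libpcap magic numbers (microsecond and nanosecond timestamp variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def truncated_records(data: bytes):
    """Return (snaplen, [(index, captured_len, original_len), ...]) for cut records."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the writer's byte order is detected from the magic
        magic, = struct.unpack_from(endian + "I", data, 0)
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    snaplen, = struct.unpack_from(endian + "I", data, 16)
    cut, offset, index = [], 24, 0
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError(f"record {index} runs past end of file")
        if incl_len < orig_len:  # bytes beyond the capture limit were dropped
            cut.append((index, incl_len, orig_len))
        offset += incl_len
        index += 1
    return snaplen, cut

def build_sample(max_bytes: int, packet_sizes):
    """Constructed sample: a pcap as a capture limited to max_bytes would look."""
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet).
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, max_bytes, 1)
    for i, size in enumerate(packet_sizes):
        kept = min(size, max_bytes)
        out += struct.pack("<IIII", 1700000000 + i, 0, kept, size) + bytes(kept)
    return out

if __name__ == "__main__":
    snaplen, cut = truncated_records(build_sample(1600, [64, 1514, 3000]))
    print(f"snaplen={snaplen}")
    for index, kept, size in cut:
        print(f"record {index}: kept {kept} of {size} bytes")
```

Any record reported here lost payload bytes at capture time, so the capture limit was below the size of at least one packet on the wire.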
Starting packet capture
1. Enter system view.
system-view
2. Start packet capture.
packet-capture start [ acl { acl-number | ipv6 acl-number } | interface interface-type interface-number | vlan vlan-id&<1-5> ] * [ inbound | outbound ]
By default, the system does not capture packets.
Stopping packet capture
About this task
Saving packet capture records to a file takes time. The packet-capture stop command without the immediately keyword saves all packet capture records to a file before stopping packet capture. If you do not want to use the packet capture records in memory, execute the packet-capture stop immediately command.
Procedure
1. Enter system view.
system-view
2. Stop packet capture.
packet-capture stop [ immediately ]
Display and maintenance commands for packet capture
Execute display commands in any view.
Task | Command |
---|---|
Display packet capture settings and status information. | display packet-capture status |
Packet capture configuration examples
Example: Configuring packet capture
Network configuration
As shown in Figure 1, capture packets on GigabitEthernet 1/0/1. Set the maximum packet size for a packet capture record to 3000 bytes. Use a remote file server to save the .cap files.
Procedure
1. Assign IP addresses to interfaces:
# Assign an IP address to interface GigabitEthernet 1/0/1.
<Device> system-view
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] ip address 10.1.1.1 255.255.255.0
[Device-GigabitEthernet1/0/1] quit
# Assign IP addresses to other interfaces in the same way. (Details not shown.)
2. Add interfaces to security zones.
[Device] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/1
[Device-security-zone-Trust] quit
[Device] security-zone name dmz
[Device-security-zone-DMZ] import interface gigabitethernet 1/0/3
[Device-security-zone-DMZ] quit
3. Configure a security policy:
# Configure a rule named capturelocalout to allow the device to transfer captured packets to the FTP server. In this example, the FTP server address is 10.1.2.2/24.
[Device] security-policy ip
[Device-security-policy-ip] rule name capturelocalout
[Device-security-policy-ip-1-capturelocalout] source-zone local
[Device-security-policy-ip-1-capturelocalout] destination-zone dmz
[Device-security-policy-ip-1-capturelocalout] destination-ip-host 10.1.2.2
[Device-security-policy-ip-1-capturelocalout] action pass
[Device-security-policy-ip-1-capturelocalout] quit
[Device-security-policy-ip] quit
4. Configure packet capture:
# Set the storage directory for the .cap files to ftp://ftp.remote.com/pcap/. Specify the username and password for accessing the FTP server.
<Device> system-view
[Device] packet-capture storage remote ftp://ftp.remote.com/pcap/ user zhangsan password simple 123456TESTplat&!
# Set the maximum packet size for a packet capture record to 3000 bytes.
[Device] packet-capture max-bytes 3000
# Start packet capture on GigabitEthernet 1/0/1.
[Device] packet-capture start interface gigabitethernet 1/0/1
Verifying the configuration
# Display packet capture settings and status information.
[Device] display packet-capture status
Capture status: Started
Filter: Interface GigabitEthernet1/0/1
# Use a packet analyzer to display captured packets. (Details not shown.)
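The storage command in step 4 puts the FTP account password into the session text, which tends to end up in change scripts and tickets. The following is an added example, not part of the vendor guide: it scans pasted CLI text for the remote form of the packet-capture storage command, reports FTP destinations and passwords entered in simple form, and returns a copy with the password string redacted. The function name, the sample session and its password are constructed for illustration.

```python
import re

# Remote form of the storage command, following the syntax line in this guide.
STORAGE_RE = re.compile(
    r"packet-capture\s+storage\s+remote\s+(?P<url>\S+)"
    r"(?:\s+vpn-instance\s+\S+)?"
    r"(?:\s+user\s+(?P<user>\S+)"
    r"(?:\s+password\s+(?P<mode>cipher|simple)\s+(?P<secret>\S+))?)?"
)

def review_session(text):
    """Return (findings, redacted_text) for a pasted CLI session or change script."""
    findings = []

    def handle(m):
        if m["url"].lower().startswith("ftp://"):
            findings.append(f"{m['url']}: FTP sends the login and the .cap data unencrypted")
        if m["mode"] == "simple":
            findings.append(f"user {m['user']}: password entered in plaintext (simple) form")
        if m["secret"] is None:
            return m.group(0)
        # The secret is the last token of the match, so cut the match there.
        return m.group(0)[: m.start("secret") - m.start()] + "<redacted>"

    return findings, STORAGE_RE.sub(handle, text)

# Constructed sample session (the password is a made-up placeholder).
SAMPLE = """\
[Device] packet-capture storage remote ftp://ftp.remote.com/pcap/ user zhangsan password simple Example-Pass1
[Device] packet-capture max-bytes 3000
[Device] packet-capture start interface gigabitethernet 1/0/1
"""

if __name__ == "__main__":
    findings, redacted = review_session(SAMPLE)
    print("\n".join(findings))
    print(redacted)
```

Strings given in cipher form are redacted as well, since the redacted copy is meant to be safe to share.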