Login
- Table of Contents
-
- 11-Network Management and Monitoring Command Reference
- 00-Preface
- 01-System maintenance and debugging commands
- 02-NQA commands
- 03-iNQA commands
- 04-Packet trace commands
- 05-NTP commands
- 06-PTP commands
- 07-SNMP commands
- 08-RMON commands
- 09-Event MIB commands
- 10-NETCONF commands
- 11-CWMP commands
- 12-EAA commands
- 13-Process monitoring and maintenance commands
- 14-Sampler commands
- 15-Mirroring commands
- 16-NetStream commands
- 17-IPv6 NetStream commands
- 18-NetAnalysis commands
- 19-sFlow commands
- 20-Information center commands
- 21-GOLD commands
- 22-Packet capture commands
- 23-VCF fabric commands
- 24-Performance management commands
- 25-TCP connection trace commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 22-Packet capture commands | 71.70 KB |
Packet capture commands
display packet-capture status
Use display packet-capture status to display status information about local or remote packet capture.
Syntax
display packet-capture status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display status information about local or remote packet capture.
<Sysname> display packet-capture status
Status : Capturing
File Name : flash:/a.pcap
User Name : N/A
Password : N/A
Table 1 Command output
|
Field |
Description |
|
Status |
Packet capture status. Only the Capturing status is supported in the current software version. |
|
Username |
Username for logging in to the remote FTP server. |
|
Password |
Password for logging in to the remote FTP server. Both passwords in encrypted form and in plaintext form are displayed as ******. If no password is required or configured, this filed displays N/A. |
packet-capture local interface
Use packet-capture local interface to capture incoming packets on an interface and save the captured packets to a local file or to a remote file on an FTP server.
Syntax
packet-capture local interface interface-type interface-number [ bidirection [ match-info { ip ipv4-address | ipv6 ipv6-address | { inbound-acl [ ipv6 ] { acl-number | name acl-name } | outbound-acl [ ipv6 ] { acl-number | name acl-name } } * | mac mac-address } ] | [ outbound ] [ match-info { acl [ ipv6 ] { acl-number | name acl-name } | ip ipv4-address | ipv6 ipv6-address | mac mac-address } ] ] [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write { filepath | url url [ username username [ password { cipher | simple } string ] ] }
Views
User view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an Ethernet interface by its type and number.
bidirection: Captures both incoming and outgoing packets. If you do not specify this keyword or the outbound keyword, the command captures incoming packets.
outbound: Captures outgoing packets. If you do not specify this keyword or the bidirection keyword, the command captures incoming packets.
match-info: Matches packets to capture based on non-regular-expression filtering conditions.
ip ipv4-address: Matches packets sourced from the specified IPv4 address in the inbound direction and matches packets destined for the specified IPv4 address in the outbound direction.
ipv6 ipv6-address: Matches packets sourced from the specified IPv6 address in the inbound direction and matches packets destined for the specified IPv6 address in the outbound direction.
inbound-acl [ ipv6 ] { acl-number | name acl-name }: Specifies an ACL to match packets in the inbound direction.
· ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.
· acl-number: Specifies a numbered basic or advanced ACL by its number. The value range for a basic ACL number is 2000 to 2999. The value range for an advanced ACL number is 3000 to 3999.
· name acl-name: Specifies a named basic or advanced ACL by its name. The acl-name argument represents the ACL name, a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
outbound-acl [ ipv6 ] { acl-number | name acl-name }: Specifies an ACL to match packets in the outbound direction.
· ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.
· acl-number: Specifies a numbered basic or advanced ACL by its number. The value range for a basic ACL number is 2000 to 2999. The value range for an advanced ACL number is 3000 to 3999.
· name acl-name: Specifies a named basic or advanced ACL by its name. The acl-name argument represents the ACL name, a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
acl [ ipv6 ] { acl-number | name acl-name }: Specifies an ACL to match packets of interest. If you specify the outbound keyword, the ACL matches packets in the outbound direction. If you do not specify the outbound keyword, the ACL matches packets in the inbound direction.
· ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.
· acl-number: Specifies a numbered basic or advanced ACL by its number. The value range for a basic ACL number is 2000 to 2999. The value range for an advanced ACL number is 3000 to 3999.
· name acl-name: Specifies a named basic or advanced ACL by its name. The acl-name argument represents the ACL name, a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
mac mac-address: Matches packets sourced from the specified MAC address in the inbound direction and matches packets destined for the specified MAC address in the outbound direction.
capture-filter capt-expression: Specifies an expression to match packets to be captured, a case-sensitive string of 1 to 256 characters. If you do not specify a capture filter expression, the device does not filter packets to be captured.
limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes. If the frame length of a packet exceeds the frame size limit but is less than or equal to 9196 bytes, the system captures only the specified number of bytes from the packet, starting from the first byte. If the frame length exceeds 9196 bytes, the system does not capture the packet.
autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.
autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.
write: Stores the captured packet data.
filepath: Specifies the full path of a local packet file to store captured packet data. The path must be a case-sensitive string of up to 64 characters. The filename extension must be .pcap. For more information about setting a file path, see file system management in Fundamentals Configuration Guide.
url url: Specifies the URL of a remote packet file on an FTP server to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.
username username: Specifies a username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.
password: Specifies a password for logging in to the FTP server.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
Usage guidelines
Packet capture will fail if the next hop of the outgoing packets on an interface is an ECMP.
To stop the capture while it is capturing packets, use the packet-capture stop command.
If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached.
To filter packets to be captured by using an ACL, make sure the ACL exists and has rules.
· If the applied ACL does not exist or does not have rules, the ACL does not take effect.
· To apply an ACL rule only to a VPN instance, specify that VPN instance in the rule. If you do not specify a VPN instance, the rule applies to packets on the public network.
· If the applied ACL exists and has rules, only packets permitted by the ACL are captured.
Follow these restrictions and guidelines to specify the URL, username, and password:
· The URL format is ftp://FTP server address:port number/file name, where the port number is optional, for example, ftp://192.168.1.1/test.cfg and ftp://192.168.1.1:21/test.cfg. If the server is configured with a port number, you must enter the port number in the URL.
· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]/test.cfg and ftp://[2001::1]:21/test.cfg.
· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
Do not set a short capturing duration in the autostop duration seconds option. If the duration is too short, the capture might stop when a user has not logged in to the FTP server. The captured packets cannot be saved because a packet file has not been created.
Examples
# Capture incoming packets and store the data in the database.pcap file on the FTP server at 10.1.1.1. The username and password for logging in to the FTP server are 1 and 1, respectively.
<Sysname> packet-capture local interface twenty-fivegige 1/0/1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1
Related commands
display packet-capture status
packet-capture stop
packet-capture remote interface
Use packet-capture remote interface to capture incoming packets on an interface.
Syntax
packet-capture remote interface interface-type interface-number [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an Ethernet interface by its type and number.
port port: Specifies the RPCAP service port by its port number. The value range is 1 to 65535. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.
Usage guidelines
After you execute this command, the client (such as Wireshark) connected to the RPCAP port of the device can obtain packets captured on the specified interface.
To stop the capture while it is capturing packets, use the packet-capture stop command.
Examples
# Capture incoming packets on Twenty-FiveGigE 1/0/1 and specify the RPCAP service port number as 2014.
<Sysname> packet-capture remote interface twenty-fivegige 1/0/1 port 2014
Related commands
display packet-capture status
packet-capture stop
packet-capture stop
Use packet-capture stop to stop the local or remote packet capture.
Syntax
packet-capture stop
Views
User view
Predefined user roles
network-admin
Examples
# Stop the local or remote packet capture.
<Sysname> packet-capture stop
Related commands
packet-capture local interface
packet-capture remote interface
