Network administrators often need to capture packets, on switches or routers, to locate faults. Some devices do not support remote mirroring, that’s why administrators have to go on-site to capture packets, using local mirroring.
We have a useful command (capture-packet …), on some devices, to catch packets remotely. When taking S5700 switch into consideration, we can capture all packets from an interface (port mirroring) or packets matching specified rules (traffic mirroring). These capture packets can be sent to FTP or TFTP servers and displayed on terminal screen. CX600 and NE40E routers with V6R3 software version can send capture packets to local CF card (name.cap file).
Let’s look at this command:
[Huawei]capture-packet ? acl Acl cpu Packet send to cpu interface Ingress Interface
As you can see you can use port or traffic mirroring. You can also catch packets sent to CPU.
[Huawei]capture-packet interface GigabitEthernet 0/0/1 destination ? ftp-server Send to ftp server terminal Output terminal tftp-server Send to tftp server
These options let you to send capture packets to FTP server, TFTP server or terminal.
Let’s assume that we want to catch packets on interface GE0/0/1 and display this information on terminal screen:
[Huawei]capture-packet interface GigabitEthernet 0/0/1 destination terminal Info: Captured packets will be shown on terminal. [Huawei] Packet: 1 ------------------------------------------------------- 4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 08 00 45 00 00 54 01 ad 00 00 ff 01 b1 f3 02 02 02 02 02 02 02 03 08 00 cb 2f cf ab 01 00 e4 d3 42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f ------------------------------------------------------- Packet: 2 ------------------------------------------------------- 4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 08 00 45 00 00 54 01 ae 00 00 ff 01 b1 f2 02 02 02 02 02 02 02 03 08 00 a4 2d cf ab 02 00 0a d6 42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f ------------------------------------------------------- Packet: 3 ------------------------------------------------------- 4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 08 00 45 00 00 54 01 af 00 00 ff 01 b1 f1 02 02 02 02 02 02 02 03 08 00 91 2b cf ab 03 00 1c d8 42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f ------------------------------------------------------- Packet: 4 ------------------------------------------------------- 4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 08 00 45 00 00 54 01 b0 00 00 ff 01 b1 f0 02 02 02 02 02 02 02 03 08 00 7e 29 cf ab 04 00 2e da 42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f ------------------------------------------------------- Packet: 5 ------------------------------------------------------- 4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 08 00 45 00 00 54 01 b1 00 00 ff 01 b1 ef 02 02 02 02 02 02 02 03 08 00 75 27 cf ab 05 00 36 dc 42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f -------------------------------------------------------
Few precautions for capture-packet command:
- If connection to FTP or TFTP servers fails, switch saves capture information locally.
- This command can be only used for upstream traffic.
- Capture packet command is not saved in configuration file.
- You have to wait, to use capture-packet command again, till the last command execution is completed.
More details you can find in product documentation.