No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
How to Capture Packets
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How to Capture Packets

How to Capture Packets

Overview of Packet Capture

Security Declaration

The packet capture function is mainly used for network detection and fault management and may involve personal communication information. Huawei cannot collect or store user communication information without permission. It is recommended that relevant functions used to collect or store user communication information be enabled in adherence with applicable laws and regulations. During the usage and storage of user communication information, measures must be taken to protect user communication information.

This document uses S series switches of V200R013C00 as an example.

Definition

Packet capture technology captures packets from devices and provides a way to locate network problems.

Benefits

Maintenance personnel can view captured packets on the command line interface (CLI), save captured packets in a specified file, and download the captured packets to a local PC for analysis. This greatly improves maintenance efficiency and reduces maintenance costs.

Classification

The switch can capture the following types of packets:

  • Service packets
  • Packets sent to the CPU

Capturing Service Packets

You can run the capture-packet { interface interface-type interface-number | acl { ipv4-acl | ipv6 ipv6-acl } } * [ vlan vlan-id | cvlan cvlan-id ] * destination { file file-name | terminal } * [ car cir car-value | time-out time-out-value | packet-num number | packet-len length | { inbound | outbound } ] * [ packet-info ] command in the system view or diagnostic view to capture service packets that match specified rules.

Parameters

Parameter

Description

Value

interface interface-type interface-number

Captures packets on a specified interface.

  • interface-type specifies the interface type.
  • interface-numberspecifies the interface number.

The interface must exist on the switch and cannot be a management interface.

acl { ipv4-acl | ipv6 ipv6-acl }

Captures packets matching a specified ACL or ACL6.

The specified ACL or ACL6 and the corresponding rules must have been created. For other fixed switches excluding the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI, the destination IPv6 address cannot be specified in an ACL6 rule. Otherwise, packets cannot be captured.

  • ipv4-acl: On the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, S6720S-EI, and modular switches, the value is an integer in the range from 2000 to 5999. For other fixed switches, the value is an integer in the range from 2000 to 4999.
  • ipv6-acl: The value is an integer in the range from 2000 to 3999.

vlan vlan-id

Captures packets from a specified VLAN.

The value is an integer in the range from 1 to 4094.

cvlan cvlan-id

Captures packets with a specified inner VLAN ID.

Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, S6720S-EI, and modular switches support this parameter.

The value is an integer in the range from 1 to 4094.

destination { file file-name | terminal } *

Indicates the mode in which captured packets are stored:

  • file file-name: Saves captured packets to a file. The file name extension must be .cap.
  • terminal: Displays captured packets on a terminal.

The value of file-name is a string of 5 to 63 characters.

car cir car-value

Specifies the rate at which packets are captured, that is, the total number of bytes of packets that can be captured by the device in a unit of time (1s).

Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, S6720S-EI, and modular switches support this parameter.

The value is an integer in the range from 8 to 256, in kbit/s. The default value is 64.

time-out time-out-value

Specifies the timeout interval for capturing packets. The system stops capturing packets after the specified timeout interval expires.

The value is an integer in the range from 1 to 300, in seconds. The default value is 60.

packet-num number

Specifies the number of packets to be captured. The system stops capturing packets after the specified number of packets are captured.

The value is an integer in the range from 1 to 1000. The default value is 100.

packet-len length

Specifies the length of captured packets.

The value is an integer in the range from 20 to 64, in bytes. The default value is 64.

inbound

Captures packets received on an interface.

Only the S5720HI, S5730HI, and S6720HI, and LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series cards on modular switches support inbound and outbound parameters. If inbound and outbound are not specified, both packets received and sent by an interface are captured. Other cards and fixed switches do not support inbound or outbound and can only capture packets received by interfaces.

-

outbound

Captures packets sent by an interface.

-

packet-info

Parses basic information about captured packets, such as the source and destination MAC addresses or IP addresses.

This parameter can be specified only when this command is run in the diagnostic view. The switch can parse basic information about the captured packets only when this parameter is specified and the length of the captured packet is greater than or equal to 48 bytes (that is, the value of packet-len length is greater than or equal to 48).

-

Feature Limitations

  • S series switches cannot capture packets on the management interface, ICMP packets of fast ICMP reply, BFD packets, 802.1ag packets, and VBST BPDUs.
  • The packet capture configuration is not saved in the configuration file, and becomes invalid when packet capture is complete. Before current packet capture is complete, packet capture cannot be reconfigured.
  • If IP addresses of ARP packets on the control plane match a basic or advanced ACL rule, the ARP packets can still be captured.

Example

# Capture packets on GE0/0/1, parse basic information, and display the information on the terminal (packet capture in the diagnostic view of the S5720HI is used as an example).

<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] capture-packet interface gigabitethernet 0/0/1 destination terminal packet-num 1 packet-len 48 packet-info
[HUAWEI-diagnose]
  Packet(inbound): 1
  -------------------------------------------------------
  01 00 5e 0b 01 72 78 1d ba 32 04 a1 81 00 00 01 
  08 00 45 00 05 4c 00 00 40 00 7d 11 fa 66 0a f0 
  02 cd ef 0b 01 72 1f 6a 56 ce 05 38 e2 d7 80 21 
  -------------------------------------------------------

  DMAC: 0100-5e0b-0172      SMAC: 781d-ba32-04a1
  VLAN: 1       8021P: 0
  IPv4 Next Proto: 17       TTL: 125     DSCP: 0
  SIP: 10.240.2.205        DIP: 10.11.1.114
  UDP Multicast Packet RTP SEQ: 23354
  UDP Multicast Packet Time Stamp: 2018/12/11 23:02:40
  -------------------------------------------------------

  -----------------packet getting report-----------------
  file: NULL 
  packets getting: interface GigabitEthernet0/0/1 
  acl: - 
  vlan: -  cvlan: - 
  car: 64kbps timeout: 60s 
  packets: 1 (expected)
           1 (inbound actual) 0 (outbound actual)
  length: 48 (expected) 
  ------------------------------------------------------
Table 1-1 Description of the capture-packet command output

Item

Description

Packet(inbound): i

ith captured (incoming/outgoing) packet.

  • inbound: incoming packet

  • outbound: outgoing packet

DMAC

Destination MAC address.

SMAC

Source MAC address.

VLAN

VLAN ID.

8021P

802.1p priority.

IPv4 Next Proto

Protocol number used by the data in a data packet.

TTL

TTL value.

DSCP

DSCP value.

SIP

Source IP address.

DIP

Destination IP address.

UDP Multicast Packet RTP SEQ

Sequence number of a multicast RTP packet. This field is displayed only when multicast packets are captured.

UDP Multicast Packet Time Stamp

Time when the first byte in a multicast RTP packet is sampled. This field is displayed only when multicast packets are captured.

Packet Protocol = 0x86dd is IPv6 Packet.

IPv6 packet indicated by the protocol type value of 0x86dd.

file

Local path that stores captured packets.

packets getting

  • Specific interface name: Packets on this interface are captured.

  • global: Packets matched a specified ACL or ACL6 are captured.

acl

ACL number matched by captured packets.

acl ipv6

ACL6 number matched by captured packets.

vlan

VLAN ID of captured packets.

cvlan

Inner VLAN ID of captured packets.

car

Rate of captured packets.

timeout

Timeout interval of packet capture. The system stops capturing packets after the specified time interval.

packets

  • expected: number of packets expected to be captured

  • actual: actual number of captured packets

  • inbound actual: actual number of captured incoming packets

  • outbound actual: actual number of captured outgoing packets

length

Length of captured packets.

Capturing Packets Sent to the CPU

You can run the capture-packet cpu [ vlan vlan-id | acl { ipv4-acl | ipv6 ipv6-acl } ] * destination { file file-name | terminal } * [ time-out time-out-value | packet-num number | packet-len length ] * packet-info command in the system view or diagnostic view to capture packets sent to the CPU.

Parameters

Parameter

Description

Value

vlan vlan-id

Captures packets from a specified VLAN.

The value is an integer in the range from 1 to 4094.

acl { ipv4-acl | ipv6 ipv6-acl }

Captures packets matching a specified ACL or ACL6.

The specified ACL or ACL6 and the corresponding rules must have been created. For other fixed switches excluding the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI, the destination IPv6 address cannot be specified in an ACL6 rule. Otherwise, packets cannot be captured.

  • ipv4-acl: On the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, S6720S-EI, and modular switches, the value is an integer in the range from 2000 to 5999. For other fixed switches, the value is an integer in the range from 2000 to 4999.
  • ipv6-acl: The value is an integer in the range from 2000 to 3999.

destination { file file-name | terminal } *

Indicates the mode in which captured packets are stored:

  • file file-name: Saves captured packets to a file. The file name extension must be .cap.
  • terminal: Displays captured packets on a terminal.

The value of file-name is a string of 5 to 63 characters.

time-out time-out-value

Specifies the timeout interval for capturing packets. The system stops capturing packets after the specified timeout interval expires.

The value is an integer in the range from 1 to 300, in seconds. The default value is 60.

packet-num number

Specifies the number of packets to be captured. The system stops capturing packets after the specified number of packets are captured.

The value is an integer in the range from 1 to 1000. The default value is 100.

packet-len length

Specifies the length of captured packets.

The value is an integer in the range from 20 to 64, in bytes. The default value is 64.

packet-info

Parses basic information about captured packets, such as the source and destination MAC addresses or IP addresses.

This parameter can be specified only when this command is run in the diagnostic view. The switch can parse basic information about the captured packets only when this parameter is specified and the length of the captured packet is greater than or equal to 48 bytes (that is, the value of packet-lenlength is greater than or equal to 48).

-

Feature Limitations

The packet capture configuration is not saved in the configuration file, and becomes invalid when packet capture is complete. Before current packet capture is complete, packet capture cannot be reconfigured.

Example

# Capture packets sent to the CPU, parse basic information, and display the information on the terminal (packet captured in the diagnostic view of the S5720HI is used as an example).

<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] capture-packet cpu destination terminal packet-num 1 packet-info
[HUAWEI-diagnose]
  Packet: 1
  -------------------------------------------------------
  ff ff ff ff ff ff 00 00 c1 0e 01 02 81 00 00 c8
  08 00 45 00 00 52 00 00 00 00 40 11 f6 7b c1 0e
  01 02 c1 0e 01 01 00 44 00 43 00 3e 00 00 00 01
  02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11
  -------------------------------------------------------

  DMAC: ffff-ffff-ffff      SMAC: 0000-c10e-0102
  VLAN: 2048    8021P: 6
  IPv4 Next Proto: 17       TTL: 64      DSCP: 0
  SIP: 192.168.1.2        DIP: 192.168.1.1
  -------------------------------------------------------

  -----------------packet getting report-----------------
  file: NULL
  packets getting: cpu
  acl: -
  vlan: -  cvlan: -
  car: -- timeout: 60s
  packets: 1 (expected) 1 (actual)
  length: 64 (expected)
  -------------------------------------------------------
Table 1-2 Description of the capture-packet cpu command output

Item

Description

Packet: i

ith captured packet.

DMAC

Destination MAC address.

SMAC

Source MAC address.

VLAN

VLAN ID.

8021P

802.1p priority.

IPv4 Next Proto

Protocol number used by the data in a data packet.

TTL

TTL value.

DSCP

DSCP value.

SIP

Source IP address.

DIP

Destination IP address.

UDP Multicast Packet RTP SEQ

Sequence number of a multicast RTP packet. This field is displayed only when multicast packets are captured.

UDP Multicast Packet Time Stamp

Time when the first byte in a multicast RTP packet is sampled. This field is displayed only when multicast packets are captured.

Packet Protocol = 0x86dd is IPv6 Packet.

IPv6 packet indicated by the protocol type value of 0x86dd.

file

Local path that stores captured packets.

packets getting

The system captures the packets to be sent to the CPU.

acl

ACL number matched by captured packets.

acl ipv6

ACL6 number matched by captured packets.

vlan

VLAN ID of captured packets.

cvlan

Inner VLAN ID of captured packets.

car

Rate of captured packets.

timeout

Timeout interval of packet capture. The system stops capturing packets after the specified time interval.

packets

  • expected: number of packets expected to be captured

  • actual: actual number of captured packets

length

Length of captured packets.

Translation
Download
Updated: 2019-06-17

Document ID: EDOC1100088102

Views: 1837

Downloads: 79

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next