CLI Reference Guide 3. General Commands
Version 6.4 29 January 2012
3.7.3 debug capture data physical
This command records all traffic on the device's interfaces, saving the result in a PCAP-
format file (suitable for Wireshark) on a TFTP server.
Syntax:
The syntax of this command can include the following variations:
debug capture data physical <interface>
debug capture data physical start
debug capture data physical insert-pad
debug capture data physical show
debug capture data physical stop <server-ip>
The command’s syntax format is described below:
Arguments Description
<interface>
Use one of the following: eth-lan, eth-wan, cellular-wan,
shdsl-wan, t1-wan, xdsl-wan – depending on the hardware
capabilities of the device.
This command may be issued multiple times to capture data
from several interfaces at once.
<server-ip> Defines the IP address of a TFTP server on the network,
where the resulting PCAP file will be saved.
Defaults:
By default, capture is inactive.
Notes:
1. Once the start command is issued, recording is performed to an in-memory buffer. If
the buffer becomes full, recording stops.
2. Use the insert-pad command to make a manual mark in the captured file.
3. The stop command creates a file named debug-capture-data-<timestamp>.pcap and
sends it to the TFTP server. The TFTP server must be configured to allow file uploads.
4. The generated PCAP file is in the Extensible Record Format (ERF); recent versions of
Wireshark (1.5.0 or newer) are recommended for proper dissection.
5. Wireshark's ERF settings must be configured as follows:
Command Modes:
Enable
To Next Page
Loading...
