Configuration Note 2. Capturing Packets
Version 7.2 13 Troubleshooting the MSBR
2.2 Capturing Data on Logical Interfaces
The “debug capture data interface” command is used to debug traffic on a specific interface,
filtering specific protocols (ICMP/IP/UDP/TCP) and a specific host. You may choose to view
the packets on the terminal or upload to TFTP.
Use the following command to capture traffic on a logical interface:
Table 2-5: Capturing Traffic on Logical Interface Command
Command Description
interface <interface>
<ipsec> proto <all | arp |
icmp | ip | ipv6 | tcp |
udp> host <IP | IPv6 |
all> <cr | port> <any | 1-
65535 <cr | ftp | tftp> IP
<interface>: Defines the interface to capture the data on.
<proto | ipsec>: If IPSec is selected, it is decrypted and
captured.
<all | arp | icmp | ip | ipv6 | tcp | udp>: Selects protocol
for capturing.
host <IP | IPv6 | all>: Selects traffic to capture using the
IP or IPv6 address as a filter.
<cr | port> <any | 1 – 65535>: Selects
or press Enter. If you press Enter, the packets are
displayed on the console.
<cr | ftp | tftp> IP: Press Enter to display the captured
packets on screen, or send captured packets to TFTP or
2.2.1 Capturing Data on an Interface Example
The following example captures data from the multilink interface on the T1-WAN side and
sends it to a TFTP server. A specific host and port range can be added to make the debug
capture more specific.
debug capture data interface multilink 1 proto tcp host any port
any
06:29:41.793398 In ethertype IPv4 (0x0800), length 1460: (tos
0x0, ttl 54, id 58110, offset 0, flags [DF], proto: TCP (6),
length: 1444) 173.194.6.231.443 > 192.168.10.20.38927: .
4141989486:4141990878(1392) ack 1232903466 win 274
<nop,nop,timestamp 300300901 26314826>
06:29:41.844319 In ethertype IPv4 (0x0800), length 1460: (tos
0x0, ttl 54, id 58111, offset 0, flags [DF], proto: TCP (6),
length: 1444) 173.194.6.231.443 > 192.168.10.20.38927: .
1392:2784(1392) ack 1 win 274 <nop,nop,timestamp 300300908
26314828>
06:29:41.793742 Out ethertype IPv4 (0x0800), length 80: (tos 0x0,
ttl 63, id 29799, offset 0, flags [DF], proto: TCP (6), length:
64) 72.1.119.102.38927 > 173.194.6.231.443: ., cksum 0x48c6
(correct), ack 4141988094 win 3451 <nop,nop,timestamp 26314849
300300824,nop,nop,sack 1 {1393:2785}>
06:29:41.793888 Out ethertype IPv4 (0x0800), length 80: (tos 0x0,
ttl 63, id 29800, offset 0, flags [DF], proto: TCP (6), length:
64) 72.1.119.102.38927 > 173.194.6.231.443: ., cksum 0x4356
(correct), ack 1 win 3451 <nop,nop,timestamp 26314849
300300824,nop,nop,sack 1 {1393:4177}>
To Next Page
Loading...
Need help?
General
