Configure Packet Capture

This feature is at Beta. In software version 5.4, it is intended to be used by Gigamon Technical Support.

Use packet capture to assist with debugging traffic. Packets can be captured at an ingress port, an egress port, or both. Packets are captured at the specified port and are stored in a PCAP file.

Packet capture is supported on GigaVUE-HC1, GigaVUE-HC2, and GigaVUE-HC3 nodes. It is supported for standalone nodes, but not for nodes in a cluster.

The port type used for packet capture can be tool, network, hybrid, inline tool, or inline network. The ports must be physical ports.

To configure packet capture, define filters to capture specific traffic based on rules. The following criteria can be specified in the rules:

source IPv4 address
destination IPv4 address
Layer 4 destination port number
Layer 4 source port number
Internet protocol
TCP flags

Refer to the following notes for packet capture:

The criteria listed above can be defined in any combination.
The source and destination can only be IPv4 addresses.
The source and destination can be specified as an IP address or a wildcard with an IP mask.
The Layer 4 source and destination ports can be specified as a port number only. A range of ports is not supported.
The TCP flags are control bits, such as SYN, FIN, ACK, and URG, specified as 1-byte hex values.
The number of ports on which packets can be simultaneously captured is 4.
The number of ports on which tx packets can be captured is 4.
The number of filters that can be configured on a node is 64.
The same filter can be specified on multiple ports.
The same port can have multiple filters configured on it.
When multiple filters are configured, the traffic matching each filter is stored in a separate PCAP file.
The PCAP file is stored in the following directory:
/var/log/tmp

Use the show files pcap command to display the PCAP file.

The PCAP file can be exported from the GigaVUE node to an external location using the file pcap upload command.

Note:  If Q-in-Q and packet capture are both configured on a GigaVUE node, there may be a conflict with the 6 tuples.

For details on the parameters for packet capture, refer to the “pcap” section in the GigaVUE-OS CLI Reference Guide.

To configure a packet capture filter, refer to the following example:

 

Step 1. Configure the name of the packet capture filter.

(config) # pcap alias p1

Step 2. Configure the capture port and specify the direction.

(config pcap alias p1) # port 6/1/x7 tx

Step 3. Specify the channel port.

(config pcap alias p1) # channel-port 6/1/x1

Step 4. (Optional) Specify the number of packets to capture. If you do not specify a packet limit, delete the packet capture filter to stop capturing.

(config pcap alias p1) # packet-limit 1000

Step 5. Specify the rule on which to filter traffic and exit from the prefix mode.

(config pcap alias p1) # rule ipsrc 100.10.1.0 /24 portsrc 2048 protocol tcp
(config pcap alias p1) # exit
(config) #

To display the packet capture configuration, use the following CLI command:

(config) # show pcap

Packet Capture Rules
Total Pcap Count: 1
01) Pcap alias            : p1
    Enable                : true
    Port                  : 6/1/x7
    Direction             : tx
    Channel-port          : 6/1/x1
    Packet-limit          : 0
    Packet hit-count      : 0
    Rule                  :
    --------------------------------------------------------------
        Source IPv4/Mask      : 100.10.1.0/255.255.255.0
        Source Port           : 2048
        Protocol              : tcp
    --------------------------------------------------------------

To stop the packet capture, delete the packet capture filter using the following CLI command:

(config) # no pcap alias p1

To display the PCAP file, use the following CLI command:

(config) # show files pcap

pcap_p1_2018_05_08_17_17.pcap

To upload the PCAP file, use the following CLI command:

(config) # file pcap upload pcap_p1_2018_05_08_17_28.pcap scp://myNode@10.115.0.100/tftpboot/myName/.
Password (if required): ***********

Note:  Delete the packet capture filter before uploading the PCAP file.
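The following offline check is an added example, not Gigamon code: it evaluates the rule criteria listed above (IPv4 source and destination with mask, Layer 4 ports, protocol, TCP flags byte) against a raw Ethernet frame taken from an exported PCAP file, using the rule from step 5. Assumptions: frames are untagged Ethernet/IPv4, the TCP flags criterion is compared as an exact byte, and the function names and dictionary keys (including ipdst, portdst, and tcpflags) are this example's own, not CLI keywords.

```python
import ipaddress
import struct

# Standard TCP control bits (byte 13 of the TCP header).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers

def flags_byte(*names):
    """Combine flag names into the 1-byte hex value, e.g. SYN+ACK is 0x12."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name.upper()]
    return value

def parse_frame(frame):
    """Return the rule criteria found in an untagged Ethernet/IPv4 frame."""
    if (len(frame) < 34 or frame[12:14] != b"\x08\x00"
            or not 0x45 <= frame[14] <= 0x4F):
        return None  # truncated, VLAN/Q-in-Q tagged, or not IPv4
    fields = {"protocol": frame[23],
              "ipsrc": ipaddress.IPv4Address(frame[26:30]),
              "ipdst": ipaddress.IPv4Address(frame[30:34])}
    l4 = frame[14 + (frame[14] & 0x0F) * 4:]
    first_fragment = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
    if fields["protocol"] in (6, 17) and first_fragment and len(l4) >= 4:
        fields["portsrc"], fields["portdst"] = struct.unpack("!HH", l4[:4])
    if fields["protocol"] == 6 and first_fragment and len(l4) >= 14:
        fields["tcpflags"] = l4[13]
    return fields

def matches(rule, frame):
    """True if every criterion matches (tcpflags: exact byte, an assumption)."""
    fields = parse_frame(frame)
    def ok(key, want):
        have = fields.get(key)
        if key in ("ipsrc", "ipdst"):
            return have in ipaddress.IPv4Network(want)
        return have == PROTOCOLS.get(want, want)
    return fields is not None and all(ok(k, w) for k, w in rule.items())

# Constructed sample: TCP SYN+ACK from 100.10.1.7:2048 to 192.0.2.10:443.
SAMPLE = (bytes(12) + b"\x08\x00"
          + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                        bytes([100, 10, 1, 7]), bytes([192, 0, 2, 10]))
          + struct.pack("!HHIIBBHHH", 2048, 443, 0, 0, 0x50,
                        flags_byte("SYN", "ACK"), 1024, 0, 0))
# The rule from step 5 of the page, as a dictionary (hypothetical layout).
PAGE_RULE = {"ipsrc": "100.10.1.0/24", "portsrc": 2048, "protocol": "tcp"}
```

Frames that fail `matches` against the rule configured on the node, or that `parse_frame` rejects as tagged, are the ones to look at first when a capture file does not contain the expected traffic.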