Packet Capture
Overview
Packet capture allows network administrators to monitor ingress and egress traffic on an interface. Using the sniff command, packets can be captured and analyzed to diagnose network issues, such as traffic anomalies, protocol errors, or connectivity problems.
sniff
Use this command to capture egress or ingress packets on a specified interface and send the captured packets to the sniff0 or sniff1 interface, based on the configuration.
Note: The sniff feature is for limited purposes only. To get full packet captures, use mirroring to an external port; refer to the Traffic Mirroring Commands section in the OcNOS Layer 2 Guide.
Command Syntax
sniff (rx|tx|both) (<0-60>|) (sniff1|)
Parameters
both
Captures both ingress and egress packets.
rx
Captures ingress packets only.
tx
Captures egress packets only.
<0-60>
Duration (in minutes) to capture packets. Default: 1 minute. 0 means indefinite capture.
sniff1
Configures the sniff output to sniff1.
Default
The sniff output defaults to sniff0.
Example
To enable packet capture on interface xe0 for both ingress and egress packets indefinitely:
OcNOS# configure terminal
OcNOS(config)# interface xe0
OcNOS(config-if)# sniff both 0
OcNOS(config-if)# commit
OcNOS(config-if)# end
To verify the enabled sniff interfaces:
OcNOS#show sniff enabled interfaces
interface   direction   timer(min)   sniff o/p
xe0         rx:tx       0            sniff0
Once sniffing is enabled, use tcpdump to analyze the captured packets from the Linux shell:
OcNOS#start-shell
root@OcNOS:~# tcpdump -xxi sniff0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sniff0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:11:00.830883 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id f000.e8:c5:7a:8f:7e:77.2fff, length 36
0x0000: 0180 c200 0000 e8c5 7a8f 7e9b 0027 4242
0x0010: 0300 0002 023c f000 e8c5 7a8f 7e77 0000
0x0020: 0000 f000 e8c5 7a8f 7e77 2fff 0000 1400
0x0030: 0200 0f00 0000 0000 00
10:11:00.831230 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.e8:c5:7a:8f:7e:77.838c, length 36
0x0000: 0180 c200 0008 e8c5 7a8f 7e9b 0027 4242
0x0010: 0300 0002 023c 8000 e8c5 7a8f 7e77 0000
0x0020: 0000 8000 e8c5 7a8f 7e77 838c 0000 1400
0x0030: 0200 0f00 0000 0000 00
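The hex dump that tcpdump -xx prints can be decoded offline to confirm which bridge and port sent each BPDU and what state the port advertises. The following Python script is an added example, not part of the OcNOS documentation; the function names are illustrative, the sample input is the first frame from the output above, and Python 3.8 or later is assumed.

```python
import struct

SAMPLE = """\
0x0000: 0180 c200 0000 e8c5 7a8f 7e9b 0027 4242
0x0010: 0300 0002 023c f000 e8c5 7a8f 7e77 0000
0x0020: 0000 f000 e8c5 7a8f 7e77 2fff 0000 1400
0x0030: 0200 0f00 0000 0000 00
"""  # sample input: first frame of the tcpdump output above, copied verbatim
ROLES = ("unknown", "alternate/backup", "root", "designated")  # flags bits 2-3


def hexdump_to_bytes(text):
    """Turn 'tcpdump -xx' lines ('0xNNNN: hhhh hhhh ...') into frame bytes."""
    frame = bytearray()
    for line in text.splitlines():
        offset, sep, data = line.strip().partition(":")
        if not sep or not offset.startswith("0x"):
            continue  # timestamp/summary line, not hex data
        if int(offset, 16) != len(frame):
            raise ValueError(f"gap or overlap at offset {offset}")
        frame += bytes.fromhex(data.replace(" ", ""))
    return bytes(frame)


def decode_rstp(frame):
    """Decode an 802.3/LLC frame that carries an RST BPDU (version 2, type 2)."""
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or frame[14:17] != b"\x42\x42\x03":
        raise ValueError("not an LLC frame addressed to the STP SAP (0x42)")
    bpdu = frame[17:14 + length]  # length field covers LLC + BPDU only
    if len(bpdu) < 36:
        raise ValueError("truncated BPDU")
    (proto, ver, typ, flags, root_prio, root_mac, cost, br_prio, br_mac,
     port, age, max_age, hello, fwd) = struct.unpack("!HBBBH6sIH6sHHHHH", bpdu[:35])
    if (proto, ver, typ) != (0, 2, 2):
        raise ValueError("not an RST BPDU")
    return {
        "dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
        "root_id": f"{root_prio:04x}.{root_mac.hex(':')}", "root_path_cost": cost,
        "bridge_id": f"{br_prio:04x}.{br_mac.hex(':')}", "port_id": f"{port:04x}",
        "role": ROLES[(flags >> 2) & 3],
        "learning": bool(flags & 0x10), "forwarding": bool(flags & 0x20),
        "message_age_s": age / 256, "max_age_s": max_age / 256,  # wire unit: 1/256 s
        "hello_s": hello / 256, "forward_delay_s": fwd / 256,
        "trailing_bytes": len(frame) - (14 + length),  # pad/FCS after the BPDU
    }


if __name__ == "__main__":
    print(decode_rstp(hexdump_to_bytes(SAMPLE)))
```

The decoded bridge_id and port_id match the bridge-id f000.e8:c5:7a:8f:7e:77.2fff that tcpdump prints on its summary line, and the learning and forwarding bits match Flags [Learn, Forward].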