
packet-capture

packet-capture

controlpath [interprocess {all | <ports>}] [other] [sysmsg {all | <opcodes>}] [tcp {all | <ports>}] [udp {all | <ports>}]

copy-to-flash {controlpath-pcap | datapath-pcap}

datapath {ipsec <peer-ip>|<peer-ipv6>} [wifi-client <mac-address> {decrypted | encrypted | all}]

destination [interface <slot/module/port>] [ip-address <ip-address>] [local-filesystem]

no

reset-pcap {controlpath-pcap | datapath-pcap}

Description

Use this command to enable or disable packet capturing and set packet capturing options for a single packet capture session.

Syntax

Parameter

Description

Default

controlpath

Enables controlpath packet capture. Captured packets are stored in /var/log/oslog/filter.pcap.

NOTE: Only capture to local-filesystem is supported for controlpath capture.

Disabled

interprocess

Enables or disables interprocess packet capturing. Specify up to ten comma-separated ports to capture; use all to sniff all ports. All CLI ports, which are TCP, are always skipped.

Disabled

other

Enable or disable all other types of packets.

Disabled

sysmsg

Enable or disable internal messaging packets. Specify up to ten comma-separated opcodes to capture; use all to sniff all opcodes. All CLI ports, which are TCP, are always skipped.

Disabled

tcp

Enable or disable TCP packet capturing. Specify up to ten comma-separated ports to capture; use all to sniff all TCP ports. All CLI ports, which are TCP, are always skipped.

Disabled

udp

Enable or disable UDP packet capturing. Specify up to ten comma-separated ports to capture; use all to sniff all UDP ports. All CLI ports, which are TCP, are always skipped.

Disabled

copy-to-flash

Copies captured packets to the flash.

controlpath-pcap

Copies controlpath captures. They are saved as controlpath-pcap.tar.gz.

datapath-pcap

Copies datapath captures. They are saved as datapath-pcap.tar.gz.

datapath

Enables datapath packet capture. Captured packets are stored in /var/log/oslog/datapath.pcap or mirrored out of the managed device.

Disabled

ipsec <peer-ip>

Enable or disable IPsec packet capturing. Enter the IPsec peer IP address to specify a given peer.

NOTE: Capture to local-filesystem is not supported with this option.

Disabled

ipsec <peer-ipv6>

Enable or disable IPsec packet capturing. Enter the IPsec peer IPv6 address to specify a given peer.

NOTE: Capture to local-filesystem is not supported with this option.

Disabled

wifi-client <mac-address>

{decrypted | encrypted | all}

Enable or disable packet capturing from a wifi client. Specify the client device by entering the device's MAC address.

Additionally, you can specify what type of traffic is captured: decrypted, encrypted, or all.

Disabled

destination

Configures the capture destination.

interface

<slot/module/port>

Interface in <slot>/<module>/<port> format.

ip-address <ip-address>

Sends packet captures to a specific IP address.

 

local-filesystem

Stores captured packets on the managed device in pcap files.

no

Negates any configured parameter.

 

reset-pcap

Deletes old pcap files and restarts the active capture.

controlpath-pcap

Deletes old controlpath pcap files and restarts the active controlpath capture.

 

datapath-pcap

Deletes old datapath pcap files and restarts the active datapath capture.

Usage Guidelines

The packet-capture command can perform two types of packet capture: controlpath and datapath. Controlpath captures only packets destined for the managed device. Datapath captures packets that are being forwarded by the managed device, such as packets from a wifi client.

Packets can be retrieved through the tar logs command; look for the filter.pcap or datapath.pcap file. The packet-capture command activates packet capture options for the current session only; they are not saved and are not applied across reboots.

To enable a packet capture session without saving its values for use in another session, use the packet-capture command. The related command packet-capture-defaults lets you define a set of packet capture options and save them in the configuration file. These settings are automatically enabled when the managed device boots up. Any settings defined using the packet-capture command override packet-capture-defaults.

Example

The following commands enable packet capturing for debugging a wireless WEP station doing VPN. This example uses the following parameters and values:

Station up/down: sysmsg opcode 30

WEP key plumbing: sysmsg opcode 29

DHCP: sysmsg opcode 90

IKE: UDP port 500 and 4500

Layer 2 Tunneling Protocol (L2TP): UDP port 1701

(host) [/md] (config) #packet-capture sysmsg 30,29,90

(host) [/md] (config) #packet-capture udp 500,4500,1701,1812,1645
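
An added example (not part of the ArubaOS documentation): a Python check, run on an analyst workstation, that opens a capture archive such as controlpath-pcap.tar.gz and lists UDP packets whose source and destination ports both fall outside the ports given to packet-capture udp above, so the capture can be confirmed as scoped before it is shared. It assumes the archive holds classic pcap files of Ethernet/IPv4 frames, which this page does not state; the function names and the sample archive are constructed for illustration.

```python
import io, struct, tarfile

def udp_port_pairs(pcap: bytes):
    """Yield (src, dst) UDP ports; assumes classic pcap, Ethernet link type, IPv4."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
        if frame[23] != 17 or len(frame) < 14 + ihl + 4:
            continue                           # not UDP, or truncated
        yield struct.unpack_from("!HH", frame, 14 + ihl)

def out_of_scope(archive: bytes, allowed: set) -> list:
    """Return (member, src, dst) for UDP packets where neither port is allowed."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.endswith(".pcap"):
                data = tar.extractfile(member).read()
                hits += [(member.name, s, d) for s, d in udp_port_pairs(data)
                         if s not in allowed and d not in allowed]
    return hits

def constructed_archive() -> bytes:
    """Constructed sample: filter.pcap with UDP 500->500, 4500->4500, 40000->53."""
    def frame(sport, dport):
        ip = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(5) + bytes([17]) + bytes(10)
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport in [(500, 500), (4500, 4500), (40000, 53)]:
        f = frame(sport, dport)
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("filter.pcap")
        info.size = len(pcap)
        tar.addfile(info, io.BytesIO(pcap))
    return buf.getvalue()

if __name__ == "__main__":
    print(out_of_scope(constructed_archive(), {500, 4500, 1701, 1812, 1645}))
```
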

Command History

Release: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platforms: All platforms

License: Base operating system.

Command Mode: Enable mode on Mobility Master.
