from Huawei command line – “capture-packet …”

Download as PDF

Network administrators often need to capture packets, on switches or routers, to locate faults. Some devices do not support remote mirroring, that’s why administrators have to go on-site to capture packets, using local mirroring.

We have a useful command (capture-packet …), on some devices, to catch packets remotely. When taking S5700 switch into consideration, we can capture all packets from an interface (port mirroring) or packets matching specified rules (traffic mirroring). These capture packets can be sent to FTP or TFTP servers and displayed on terminal screen. CX600 and NE40E routers with V6R3 software version can send capture packets to local CF card (name.cap file).

Let’s look at this command:

[Huawei]capture-packet ?
  acl        Acl
  cpu        Packet send to cpu
  interface  Ingress Interface

As you can see you can use port or traffic mirroring. You can also catch packets sent to CPU.

[Huawei]capture-packet interface GigabitEthernet 0/0/1 destination ?
  ftp-server   Send to ftp server
  terminal     Output terminal
  tftp-server  Send to tftp server

These options let you to send capture packets to FTP server, TFTP server or terminal.

Let’s assume that we want to catch packets on interface GE0/0/1 and display this information on terminal screen:

[Huawei]capture-packet interface GigabitEthernet 0/0/1 destination terminal 
Info: Captured packets will be shown on terminal. 
[Huawei]
  Packet: 1
  -------------------------------------------------------
  4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 
  08 00 45 00 00 54 01 ad 00 00 ff 01 b1 f3 02 02 
  02 02 02 02 02 03 08 00 cb 2f cf ab 01 00 e4 d3 
  42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 
  0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 
  1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 
  2a 2b 2c 2d 2e 2f 
  -------------------------------------------------------

  Packet: 2
  -------------------------------------------------------
  4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 
  08 00 45 00 00 54 01 ae 00 00 ff 01 b1 f2 02 02 
  02 02 02 02 02 03 08 00 a4 2d cf ab 02 00 0a d6 
  42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 
  0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 
  1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 
  2a 2b 2c 2d 2e 2f 
  -------------------------------------------------------

  Packet: 3
  -------------------------------------------------------
  4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 
  08 00 45 00 00 54 01 af 00 00 ff 01 b1 f1 02 02 
  02 02 02 02 02 03 08 00 91 2b cf ab 03 00 1c d8 
  42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 
  0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 
  1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 
  2a 2b 2c 2d 2e 2f 
  -------------------------------------------------------

  Packet: 4
  -------------------------------------------------------
  4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 
  08 00 45 00 00 54 01 b0 00 00 ff 01 b1 f0 02 02 
  02 02 02 02 02 03 08 00 7e 29 cf ab 04 00 2e da 
  42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 
  0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 
  1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 
  2a 2b 2c 2d 2e 2f 
  -------------------------------------------------------

  Packet: 5
  -------------------------------------------------------
  4c 1f cc 66 48 a4 54 89 98 16 84 42 81 00 00 01 
  08 00 45 00 00 54 01 b1 00 00 ff 01 b1 ef 02 02 
  02 02 02 02 02 03 08 00 75 27 cf ab 05 00 36 dc 
  42 00 06 0e 05 00 00 01 02 03 04 05 06 07 08 09 
  0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 
  1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 
  2a 2b 2c 2d 2e 2f 
  -------------------------------------------------------

Few precautions for capture-packet command:

  • If connection to FTP or TFTP servers fails, switch saves capture information locally.
  • This command can be only used for upstream traffic.
  • Capture packet command is not saved in configuration file.
  • You have to wait, to use capture-packet command again, till the last command execution is completed.

More details you can find in product documentation.

Advertisements

2 thoughts on “from Huawei command line – “capture-packet …”

    1. labnario Post author

      Hi,
      Based on documentation capturing packets can have impact on device’s forwarding. Especially if you capture packet from a few interfaces in the same time. Just you have to be careful and use traffic mirroring instead of port mirroring, to capture more specific traffic.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s