capture-packet
Format
capture-packet { interface interface-type interface-number | acl { ipv4-acl | ipv6 ipv6-acl } } * [ vlan vlan-id | cvlan cvlan-id ] * destination { file file-name | terminal } * [ car cir car-value | time-out time-out-value | packet-num number | packet-len length | { inbound | outbound } ] *
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the cvlan cvlan-id and car cir car-value parameters.
Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the inbound and outbound parameters. If the inbound and outbound parameters are not specified, the switch captures both incoming and outgoing packets on the interface. Other switch models capture only incoming packets on the interface.
Parameters
Parameter |
Description |
Value |
|---|---|---|
interface interface-type interface-number |
Captures packets on a specified interface.
|
- |
acl { ipv4-acl | ipv6 ipv6-acl } |
Captures packets matching a specified ACL or ACL6. NOTE:
The specified ACL or ACL6 must exist and contain ACL rules. The destination IPv6 address should not be specified in rules of the ACL6 for the S2720-EI, S5720I-SI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, or S6720-SI. Otherwise, packets will fail to be captured. |
|
vlan vlan-id |
Captures packets from a specified VLAN. |
The value is an integer in the range from 1 to 4094. |
cvlan cvlan-id |
Captures packets with a specified inner VLAN ID. |
The value is an integer in the range from 1 to 4094. |
destination |
Indicates the destination to which captured packet information is sent. |
- |
file file-name |
Saves captured packet information to a file. The file name extension must be .cap. |
The value is a string of 5 to 63 characters that cannot contain the following special characters: ~ * : / \ ' " < > |
terminal |
Displays captured packet information on a terminal. |
- |
car cir car-value |
Specifies the rate at which packets are captured. |
The value is an integer in the range from 8 to 256, in kbit/s. The default value is 64 kbit/s. |
time-out time-out-value |
Specifies the timeout period for packet capture. The system stops capturing packets after the specified timeout period elapses. |
|
packet-num number |
Specifies the number of packets to be captured. The system stops capturing packets after the specified number of packets are captured. |
|
packet-len length |
Specifies the length of captured packets. |
The value is an integer in the range from 20 to 64, in bytes. The default value is 64 bytes. |
inbound |
Captures incoming packets on the interface. |
- |
outbound |
Captures outgoing packets on the interface. |
- |
Usage Guidelines
Usage Scenario
If an error occurs in service traffic forwarding (for example, the traffic status does not match the traffic model), you can configure the switch to capture service packets for analysis so that the switch can quickly identify invalid packets.
Precautions
- Currently, packets on the management interface, logical stack ports, and stack member ports cannot be captured.
- If the IP addresses of ARP packets on the control plane match the IP addresses in a basic or advanced ACL, these ARP packets can also be captured.
- The packet capture configuration is not saved in the configuration file, and becomes invalid when packet capture is complete.
- Different packet capture instances cannot be executed simultaneously. That is, a new packet capture instance can be executed only when the previous one is complete.
- The system limits the rate of captured packets. The default rate limit is 64 kbit/s. If the rate of packets exceeds the limit, some packets may be discarded.
- The device cannot capture the packets of fast ICMP reply, BFD, 802.1ag, and VBST.
- When an S2720-EI, S5720I-SI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, or S6720-SI discards the packets that it cannot forward, packets may not be captured in some situations. It is recommended that you obtain packets in other ways, such as mirroring.
- For the S2720-EI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI, the VLAN ID in the packets captured using this command is not the original VLAN ID but the VLAN ID replaced during Layer 3 forwarding. However, the packets can be forwarded normally without affecting services.
- In an SVF system, an Eth-Trunk bound to a fabric port does not support service packet capture.
Example
# Capture packets on the interface GigabitEthernet0/0/1, saves them to the capture.cap file, and display them on the terminal (on a switch that supports capture of outgoing packets on an interface).
<HUAWEI> system-view [HUAWEI] capture-packet interface gigabitethernet 0/0/1 destination file capture.cap terminal [HUAWEI] Packet(inbound): 1 ------------------------------------------------------- ff ff ff ff ff ff 00 00 c1 02 01 02 81 00 00 58 08 00 45 00 00 52 00 00 00 00 40 72 c8 33 58 01 01 02 58 01 01 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 ------------------------------------------------------- Packet(outbound): 1 ------------------------------------------------------- ff ff ff ff ff ff 00 00 c1 02 01 02 08 00 45 00 00 52 00 00 00 00 40 72 c8 33 58 01 01 02 58 01 01 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d ------------------------------------------------------- -----------------packet getting report----------------- file: flash:/capture.cap packets getting: interface GigabitEthernet0/0/1 acl: - vlan: - cvlan: - car: 64kbps timeout: 60s packets: 100 (expected) 1 (inbound actual) 1 (outbound actual) length without tunnel header: 64 (expected) -------------------------------------------------------
# Capture packets on the interface GigabitEthernet0/0/1, saves them to the capture.cap file, and display them on the terminal (on a switch that does not support capture of outgoing packets on an interface).
<HUAWEI> system-view [HUAWEI] capture-packet interface gigabitethernet 0/0/1 destination file capture.cap terminal [HUAWEI] Packet: 1 ------------------------------------------------------- 01 80 c2 00 00 00 00 e0 09 87 78 90 81 00 00 01 00 69 42 42 03 00 00 03 02 7c 80 00 00 e0 09 87 78 90 00 00 00 00 80 00 00 e0 09 87 78 90 80 23 00 00 14 00 02 00 0f 00 00 00 40 00 72 67 31 00 ------------------------------------------------------- Packet: 2 ------------------------------------------------------- 01 80 c2 00 00 00 00 e0 09 87 78 90 81 00 00 01 00 69 42 42 03 00 00 03 02 7c 80 00 00 e0 09 87 78 90 00 00 00 00 80 00 00 e0 09 87 78 90 80 23 00 00 14 00 02 00 0f 00 00 00 40 00 72 67 31 00 ------------------------------------------------------- -----------------packet getting report----------------- file: flash:/capture.cap packets getting: interface GigabitEthernet0/0/1 acl: - vlan: - cvlan: - car: 64kbps timeout: 60s packets: 100 (expected) 2 (actual) length without tunnel header: 64 (expected) -------------------------------------------------------
Item |
Description |
|---|---|
Packet(inbound): i |
ith captured (incoming/outgoing) packet.
|
file |
Local path that stores captured packets. If NULL is displayed, captured packets are displayed to the terminal. |
packets getting |
|
acl |
ACL number matched by captured packets. |
acl ipv6 |
ACL6 number matched by captured packets. |
vlan |
VLAN ID of captured packets. |
cvlan |
Inner VLAN ID of captured packets. |
car |
Rate of captured packets. |
timeout |
Timeout period of packet capture. The system stops capturing packets after the specified timeout period elapses. |
packets |
|
length without tunnel header |
Length of captured packets, excluding the length of tunnel headers. |