Monitoring Switch Control Traffic
This topic applies only to the J-Web Application package.
Use the packet capture feature when you need to quickly capture and analyze switch control traffic on a switch. The packet capture feature allows you to capture traffic destined for or originating from the Routing Engine.
To use the packet capture feature in the J-Web interface, select Troubleshoot > Packet Capture.
To use the packet capture feature in the CLI, enter the following CLI command:
You can use the packet capture feature to compose expressions with various matching criteria to specify the packets that you want to capture. You can decode and view the captured packets in the J-Web interface as they are captured. The packet capture feature does not capture transient traffic.
Table 88: Packet Capture Field Summary
Specifies the interface on which the packets are captured. If you select default, packets on the Ethernet management port 0, are captured.
From the list, select an interface—for example, ge-0/0/0.
Specifies the extent of details to be displayed for the packet headers.
From the list, select Detail.
Specifies the number of packets to be captured. Values range from 1 to 1000. Default is 10. Packet capture stops capturing packets after this number is reached.
From the list, select the number of packets to be captured—for example, 10.
Specifies the addresses to be matched for capturing the packets using a combination of the following parameters:
You can add multiple entries to refine the match criteria for addresses.
Select address-matching criteria. For example:
Matches the protocol for which packets are captured. You can choose to capture TCP, UDP, or ICMP packets or a combination of TCP, UDP, and ICMP packets.
From the list, select a protocol—for example, tcp.
Matches packet headers containing the specified source or destination TCP or UDP port number or port name.
Select a direction and a port. For example:
Absolute TCP Sequence
Specifies that absolute TCP sequence numbers are to be displayed for the packet headers.
To display absolute TCP sequence numbers in the packet headers, select this check box.
Layer 2 Headers
Specifies that link-layer packet headers are to be displayed.
To include link-layer packet headers while capturing packets, select this check box.
Specifies not to place the interface in promiscuous mode, so that the interface reads only packets addressed to it. In promiscuous mode, the interface reads every packet that reaches it.
To read all packets that reach the interface, select this check box.
Specifies that packet headers, except link-layer headers, are to be displayed in hexadecimal format.
To display the packet headers in hexadecimal format, select this check box.
Display ASCII and Hex
Specifies that packet headers are to be displayed in hexadecimal and ASCII format.
To display the packet headers in ASCII and hexadecimal formats, select this check box.
Specifies the match condition for the packets to be captured. The match conditions you specify for Addresses, Protocols, and Ports are displayed in expression format in this field.
You can enter match conditions directly in this field in expression format or modify the expression composed from the match conditions you specified for Addresses, Protocols, and Ports. If you change the match conditions specified for Addresses, Protocols, and Ports again, packet capture overwrites your changes with the new match conditions.
Specifies the number of bytes to be displayed for each packet. If a packet header exceeds this size, the display is truncated for the packet header. The default value is 96 bytes.
Type the number of bytes you want to capture for each packet header—for example, 256.
Don't Resolve Addresses
Specifies that IP addresses are not to be resolved into hostnames in the packet headers displayed.
To prevent packet capture from resolving IP addresses to hostnames, select this check box.
Suppresses the display of packet header timestamps.
To stop displaying timestamps in the captured packet headers, select this check box.
Write Packet Capture File
Writes the captured packets to a file in PCAP format in /var/tmp. The files are named with the prefix jweb-pcap and the extension .pcap. If you select this option, the decoded packet headers are not displayed on the packet capture page.
To decode and display the packet headers on the J-Web page, clear this check box.