About the Packet Capture Page

To access the Packet Capture page:

  1. Select Observability > Active Assurance > Measurement Explorer.

    The Measurement Explorer page is displayed.

  2. Click a Packet-Capture-Name.

    The Packet Capture page displays the results of the selected Packet Capture.

You (superusers and network administrators) can use this page to view detailed information about a selected Packet Capture, such as the Packet Capture name, description, time range, overall status, and the list of events generated during the capture. In addition, you can download the captured data as a .pcap file and analyze the data using a packet analyzer such as Wireshark or tcpdump.

Tasks You Can Perform

You can perform the following tasks on the Packet Capture page:

  • View Packet Capture details—You can view the following details:

    • Name—The name you specified when you created the Packet Capture.

    • Description—The description you entered when you created the Packet Capture.

    • Time Range—The date and time range during which the Packet Capture was run.

    • Status—The overall status of the Packet Capture session.

  • View Packet Capture results for a specific period—You can select a predefined period (15 m, 2h, 4h, 8h, 16h, 24h, 1w) for which you want to view the results.

    Click Custom to set a custom time range for which you want to view the results of all Packet Captures. On the Custom Time Range Selection page that appears, enter the day and time in the From and To fields, respectively.

  • View the list of events—You can view the events generated for the Packet Capture, along with the date and time at which each event occurred. The Event bar displays events based on their severity levels. The high-priority event, Critical, is displayed at the top of the events list, while the low-priority event, Information, is displayed at the end of the list.

    To view the list of all the events generated in the order of occurrence, click See More Events. When you click See More Events, the Events page appears. You can also sort the columns in the Events page. For more information on the events generated by the Packet Capture, see Table 1.

  • View parameter details on the configuration bar—You can click and expand the Config bar and view all parameters configured for the Packet Capture. To view more details on Packet Capture parameters, see Packet Capture.

  • Start or Stop a Packet Capture—You can start or stop a Packet Capture by using the Start or Stop button. If a Packet Capture status is Completed, click Start in the top-right corner of the page to restart the capture. If a Packet Capture status is Running, click Stop in the top-right corner of the page to stop the capture.

    A message confirms that Routing Director successfully started or stopped the measurement. The overall status of the Packet Capture updates to Running or Stopped.

  • View Packet Capture results—You can view a list of Packet Captures for a specific interface at various times. The captures are displayed in chronological order, making it easy to analyze network activity over time.

    Each capture includes the following information:

    • Status—The status of the capture. The available statuses are Completed, Running, or Failed.
    • Capture Duration—The total time the capture session was active, for example, 3 seconds.
    • Start and Stop Time—The timestamps when the capture session started and ended, for example, 15 minutes ago.
    • Capture Size—The total size of the captured data, for example, 3 Bytes.
    • Captured Packets—The number of packets captured during the session.
  • Download Packet Capture results—You can download the results of each packet capture to analyze the details offline.

    Click the Download button next to a packet capture entry, and a .pcap file is downloaded to your local system. You can use a packet analyzer such as Wireshark or tcpdump to view and analyze the downloaded file.
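
Before opening a downloaded file in an analyzer, its contents can be compared with the Capture Duration, Capture Size, and Captured Packets values listed on this page, which also catches an incomplete download. The Python below is an added example, not part of the product or its documentation; it assumes the download is a classic pcap file (the page says only ".pcap"), and `summarize_pcap`, `build_sample`, and the sample bytes are constructed here. The page does not state how Capture Size is computed, so the example reports both the file size and the sum of captured packet bytes.

```python
import struct

# Classic pcap magic bytes -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def summarize_pcap(data: bytes) -> dict:
    """Walk the record headers of a classic pcap and return counters to compare with the UI."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, ticks = MAGICS[data[:4]]
    snaplen, linktype = struct.unpack(order + "II", data[16:24])
    offset, packets, captured = 24, 0, 0
    first = last = None
    truncated = False
    while offset < len(data):
        if offset + 16 > len(data):              # record header cut off
            truncated = True
            break
        sec, sub, incl_len, _orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):   # packet body cut off
            truncated = True
            break
        stamp = sec * ticks + sub                # integer ticks avoid float rounding
        first = stamp if first is None else first
        last = stamp
        packets += 1
        captured += incl_len
        offset += 16 + incl_len
    duration = 0.0 if first is None else (last - first) / ticks
    return {"packets": packets, "captured_bytes": captured, "file_bytes": len(data),
            "duration_s": duration, "snaplen": snaplen, "linktype": linktype,
            "truncated": truncated}

def build_sample() -> bytes:
    """Constructed sample: three 60-byte packets spread over 3 seconds (link type 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in [(0, 0), (1, 500000), (3, 0)]:
        out += struct.pack("<IIII", 1709656192 + sec, usec, 60, 60) + bytes(60)
    return out

SAMPLE = build_sample()

if __name__ == "__main__":
    # For a real download, use: summarize_pcap(open("capture.pcap", "rb").read())
    print(summarize_pcap(SAMPLE))
    print(summarize_pcap(SAMPLE[:-10]))  # simulated incomplete download
```

A result with `truncated` set, or a packet count that differs from Captured Packets, means the file should be downloaded again before it is analyzed.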

Table 1: Fields in the Events page

  • Severity

    The severity level of the event raised by a criteria violation.

    The following are the severity levels:

    • Critical—Indicates that the event is critical and requires immediate attention.

    • Warning—Indicates that the event needs to be fixed but does not require immediate attention.

    • Info—Indicates that an event is raised that provides information on progress and does not require attention.

    • Error—Indicates that the event needs to be fixed and requires immediate attention and troubleshooting.

  • Description

    The description you specified when you configured the evaluation criteria for the Packet Capture.

  • Raise Time

    The date and time when the event was generated. The timestamp is displayed in the following format: Month DD, YYYY, HH:MM:SS AM/PM.

    The date and time are displayed according to the raise delay you specified when you configured the evaluation criteria for a Packet Capture.

    For example, Mar 5, 2024, 4:29:52 PM.

  • Clear Time

    The date and time when the event was cleared. The timestamp is displayed in the following format: Month DD, YYYY, HH:MM:SS AM/PM.

    The date and time are displayed according to the clear delay you specified when you configured the evaluation criteria for a Packet Capture.

    For example, Mar 5, 2024, 4:29:52 PM.

  • Subject

    The details of the generated event, displayed in JSON format. To view the details, click the show hyperlink.

  • Data

    The details of the evaluation criteria associated with the generated event. To view the data, click the show hyperlink.