Reset Search



How to perform a local packet capture on an EXOS switch

« Go Back


TitleHow to perform a local packet capture on an EXOS switch
Perform a packet capture on EXOS switches using the CLI
  • EXOS 15.4 and newer 
  • Summit
  • BlackDiamond
Be Aware!
Debug commands are primarily meant for trouble shooting purposes and are NOT part of any EXOS validation tests (regression).

The usage of any debug command can result in unexpected side-effects (like memory depletion, high CPU, process failures).

Type the following command: debug packet capture ports {<port_list>} on <options>
Options include the following:
      {vr-id <vr_id>}                                                   
   { interface <iface_name> | direction [rx | tx | both ] }
                                    { mirror-to-cpu }
                                    {vlan <vlan-name>}
                                    {filter <filter_type>}
                                    {cmd-args <cmd_str>}
                                    { prefix <name_prefix> | file-name <filename> | print-to-console}
                                    {count <count>}
                            | off {<ipaddress>} {<remote-dir>}
                            | upload {<ipaddress>} {<remote-dir>}
                            | to-file <filename> {cmd-args <cmd_str>}
                            | help ]"

To see additional various options for the commands use the help option.  Type debug packet capture help

The output for the additional options are below:

 * BD-8806.2 #  debug packet capture help
--------------------------- debug hal capture help ---------------------------------
Filenames will be autonamed if no filename or interface is given.
    They will be named based on the system time.
When stopping the capture, you can add an ipaddress to tftp the results to.
Rx and Tx packets have to be captured separately.  To merge them, with timestamps
    in tact, run 'mergecap -w finalFilename.pcap input1.pcap input2.pcap
use -c <numPkts> to specify the number of packets to capture before exiting
use -C <size in MB> to limit the size of the pcap file.  This will rotate through
    files once the <size in MB> has been exceeded.
use -s <pktSize> to specify the number of bytes to capture of the packet
    this helps reduce the size of the pcap file.  Setting to 64 is all most
    people will need, for example.  It still shows the size on the wire in wireshark
To see a list of interfaces, run the capture with a -D cmd-args (and optional vr-id)
To see a list of vr-ids, use vr-id == -1
Cmd-args can use expressions.  Here are some common expressions:
    "vlan 100" - only vlan 100
    "vlan 100 or vlan 200" - only vlan 100 or 200
    "ether host 11:22:33:44:55:66" - only packets with this mac
    "ether proto ip" - only ip packets
    "ether[0:3] == 0x00e02b" - only packets with Extreme OUI
    "ether[18:4] = 0xe02b00bb" - only edp packets (start at offset 18 for 4 bytes
--------------------------- debug hal capture help ---------------------------------


Sample packet capture commands are below:

debug packet capture ports 1 on vlan default cmd-args "-c 10"   (captures 10 packets from port 1 on vlan default)

debug packet capture ports 1 on cmd-args "vlan 1 -c 10"  (captures 10 packets from port 1 on vlan tag 1 (default) )

debug packet capture ports 1 on cmd-args "ether host 11:22:33:44:55:66 -c 10"  (captures 10 packets on port 1 only for ethernet host 11:22:33:44:55:66)

debug packet capture ports 1 off (disables the packet capture on port 1)

debug packet capture on interface Broadcom count 2 (captures 2 packets that are to be sent to CPU for processing)

The packet capture outputs are saved to internal memory. Use "ls /usr/local/tmp" or "ls internal-memory" to view the files:

BD-8806.3 # ls /usr/local/tmp
-rwxr-xr-x    1 root     0             352 Aug 20 22:16 2014-08-20_22-16-20_rx_tx.pcap
-rwxr-xr-x    1 root     0              67 Aug 20 22:17 2014-08-20_22-17-41_rx_tx.pcap
-rwxr-xr-x    1 root     0               5 Aug 20 22:25 2014-08-20_22-25-30_rx_tx.pcap

The capture files can be sent to a TFTP server for analysis.
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255