Using the J-Web Packet Capture Tool

You can use the J-Web packet capture diagnostic tool when you need to quickly capture and analyze router control traffic on a device. Packet capture on the J-Web user interface allows you to capture traffic destined for, or originating from, the Routing Engine. You can use the J-Web packet capture tool to compose expressions with various matching criteria to specify the packets that you want to capture. You can either choose to decode and view the captured packets in the J-Web user interface as they are captured, or save the captured packets to a file and analyze them offline using packet analyzers such as Ethereal. The J-Web packet capture tool does not capture transient traffic.

To capture transient traffic and entire IPv4 data packets for offline analysis, you must configure packet capture with the J-Web user interface or CLI configuration editor.

To use J-Web packet capture:

  1. Select Troubleshoot>Packet Capture.
  2. Enter information into the Packet Capture page (see Table 1). The sample configuration captures the next 10 TCP packets originating from the IP address 10.1.40.48 on port 23 and passing through the Gigabit Ethernet interface ge-0/0/0.
  3. Save the captured packets to a file, or specify other advanced options by clicking the expand icon next to Advanced options.
  4. Click Start.

    The captured packet headers are decoded and appear in the Packet Capture display.

  5. Do one of the following:
    • To stop capturing the packets and stay on the same page while the decoded packet headers are being displayed, click Stop Capturing.
    • To stop capturing packets and return to the Packet Capture page, click OK.

Table 1: Packet Capture Field Summary

Columns: Field, Function, Your Action

Interface
  Function: Specifies the interface on which the packets are captured. If you select default, packets on the Ethernet management port 0 are captured.
  Your Action: Select an interface from the list—for example, ge-0/0/0.

Detail level
  Function: Specifies the extent of details to be displayed for the packet headers.
    • Brief—Displays the minimum packet header information. This is the default.
    • Detail—Displays packet header information in moderate detail.
    • Extensive—Displays the maximum packet header information.
  Your Action: Select Detail from the list.

Packets
  Function: Specifies the number of packets to be captured. Values range from 1 to 1000. Default is 10. Packet capture stops capturing packets after this number is reached.
  Your Action: Select the number of packets to be captured from the list—for example, 10.

Addresses
  Function: Specifies the addresses to be matched for capturing the packets using a combination of the following parameters:
    • Direction—Matches the packet headers for IP address, hostname, or network address of the source, destination or both.
    • Type—Specifies if packet headers are matched for host address or network address.
  You can add multiple entries to refine the match criteria for addresses.
  Your Action: Select address-matching criteria. For example:
    1. From the Direction list, select source.
    2. From the Type list, select host.
    3. In the Address box, type 10.1.40.48.
    4. Click Add.

Protocols
  Function: Matches the protocol for which packets are captured. You can choose to capture TCP, UDP, or ICMP packets or a combination of TCP, UDP, and ICMP packets.
  Your Action: Select a protocol from the list—for example, tcp.

Ports
  Function: Matches packet headers containing the specified source or destination TCP or UDP port number or port name.
  Your Action: Select a direction and a port. For example:
    1. From the Type list, select src.
    2. In the Port box, type 23.

Advanced Options

Absolute TCP Sequence
  Function: Specifies that absolute TCP sequence numbers are to be displayed for the packet headers.
  Your Action:
    • Display absolute TCP sequence numbers in the packet headers by selecting this check box.
    • Stop displaying absolute TCP sequence numbers in the packet headers by clearing this check box.

Layer 2 Headers
  Function: Specifies that link-layer packet headers are to be displayed.
  Your Action:
    • Include link-layer packet headers while capturing packets by selecting this check box.
    • Exclude link-layer packet headers while capturing packets by clearing this check box.

Non-Promiscuous
  Function: Specifies not to place the interface in promiscuous mode, so that the interface reads only packets addressed to it. In promiscuous mode, the interface reads every packet that reaches it.
  Your Action:
    • Read all packets that reach the interface by selecting this check box.
    • Read only packets addressed to the interface by clearing this check box.

Display Hex
  Function: Specifies that packet headers, except link-layer headers, are to be displayed in hexadecimal format.
  Your Action:
    • Display the packet headers in hexadecimal format by selecting this check box.
    • Stop displaying the packet headers in hexadecimal format by clearing this check box.

Display ASCII and Hex
  Function: Specifies that packet headers are to be displayed in hexadecimal and ASCII format.
  Your Action:
    • Display the packet headers in ASCII and hexadecimal formats by selecting this check box.
    • Stop displaying the packet headers in ASCII and hexadecimal formats by clearing this check box.

Header Expression
  Function: Specifies the match condition for the packets to capture. The match conditions you specify for Addresses, Protocols, and Ports appear in expression format in this field.
  Your Action: Enter match conditions in expression format or modify the expression composed from the match conditions you specified for Addresses, Protocols, and Ports. If you change the match conditions specified for Addresses, Protocols, and Ports again, packet capture overwrites your changes with the new match conditions.

Packet Size
  Function: Specifies the number of bytes to be displayed for each packet. If a packet header exceeds this size, the display is truncated for the packet header. The default value is 96 bytes.
  Your Action: Type the number of bytes you want to capture for each packet header—for example, 256.

Don't Resolve Addresses
  Function: Specifies that IP addresses are not to be resolved into hostnames in the packet headers displayed.
  Your Action:
    • Prevent packet capture from resolving IP addresses to hostnames by selecting this check box.
    • Resolve IP addresses into hostnames by clearing this check box.

No Timestamp
  Function: Suppresses the display of packet header timestamps.
  Your Action:
    • Stop displaying timestamps in the captured packet headers by selecting this check box.
    • Display the timestamp in the captured packet headers by clearing this check box.

Write Packet Capture File
  Function: Writes the captured packets to a file in PCAP format in /var/tmp. The files are named with the prefix jweb-pcap and the extension .pcap. If you select this option, the decoded packet headers do not appear on the packet capture page.
  Your Action:
    • Save the captured packet headers to a file by selecting this check box.
    • Decode and display the packet headers on the J-Web page by clearing this check box.
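
For offline analysis of a saved capture file, the following added example (not part of the original documentation or of Juniper's tooling) re-applies the sample match, TCP packets from source host 10.1.40.48 with source port 23, and reports each hit's captured length next to its original length so that truncation at the configured packet size is visible. It assumes a classic libpcap file with Ethernet (link type 1) framing and rejects anything else; the function names and the embedded two-packet capture are constructed for illustration.

```python
import socket
import struct

def build_sample_pcap(snaplen=96):
    """Constructed sample input: classic pcap with two Ethernet/IPv4/TCP frames."""
    def frame(src, sport, dst, dport, payload_len):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"A" * payload_len
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in (frame("10.1.40.48", 23, "10.1.40.1", 40000, 200),
              frame("10.1.40.1", 40000, "10.1.40.48", 23, 0)):
        kept = f[:snaplen]  # a capture keeps at most snaplen bytes per packet
        out += struct.pack("<IIII", 0, 0, len(kept), len(f)) + kept
    return out

def match_tcp_source(pcap, src_host, src_port):
    """Return (index, dst, dst_port, captured_len, original_len) for every TCP
    packet whose source address and source port match."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"  # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"  # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack_from(e + "I", pcap, 20)
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}")
    hits, off, idx = [], 24, 0
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack_from(e + "II", pcap, off + 8)
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        idx += 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4/TCP, or cut off before the IP header ends
        ihl = (pkt[14] & 0x0F) * 4
        if len(pkt) < 14 + ihl + 4:
            continue  # cut off before the TCP ports
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        if socket.inet_ntoa(pkt[26:30]) == src_host and sport == src_port:
            hits.append((idx, socket.inet_ntoa(pkt[30:34]), dport, incl, orig))
    return hits

if __name__ == "__main__":
    for hit in match_tcp_source(build_sample_pcap(), "10.1.40.48", 23):
        print(hit)
```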

Published: 2014-12-07