Meaning of quintuple packet capture for the USG2000&5000 series

9

Quintuple packet capture enables the USG2000&5000 series to copy the passing packets and save or display them in a certain format on the USG.
If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

Other related questions:
Meaning of quintuple packet capture for the USG6000 series
Quintuple packet capture enables the USG6000 series to copy the passing packets and save or display them in a certain format on the USG. If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

Whether the USG2000&5000 support capturing packets
You can enable the packet capture function on the USG2000&5000 as follows: 1. Configure the packet capture queue. [USG] packet-capture all-packet queue 0 interface GigabitEthernet 0/0/1 2. Enable the packet capture function. [USG] packet-capture startup manual 3. Save packets in the specified queue as file 1.cap on the device. The default directory is hda1:/. [USG] packet-capture queue 0 to-file 1.cap 4. Use FTP to download file 1.cap from the device, use the packet capture software to open the file, and analyze the captured packets. 5. Clear the packet capture queue and release the memory. After confirming that the host has completed receiving the packets, delete all packets from the queue. reset packet-capture queue 0

Precautions for quintuple packet capture configuration on the USG9000 series
Quintuple packet capture affects device performance. Use it with caution. After locating network problems, you should clear packet capture queues to release memory.

Meaning of port mirroring for the USG2000&5000 series
To locate network problems by capturing and analyzing session packets without interrupting services, you should configure port mirroring. Port mirroring copies packets on the specified service interface to a non-service interface. When a session is abnormal, you can locate the fault by viewing the protocol analyzer connected to the non-service interface without affecting services. The service interface is known as the mirroring port and the non-service interface known as the observing port.

S series switch packets capture
S series switches (except S1700 switches) support the packet capturing function. This function can be used if you need to capture packets for analysis. Packets that can be captured include service packets and packets sent to the CPU. Configuration example: 1. Capturing service packets [HUAWEI] capture-packet interface gigabitethernet 1/0/1 destination file capture.cap terminal //Information of captured packets is not provided here. 2. Capturing packets sent to the CPU [HUAWEI] capture-packet cpu destination file cfcard:/abc.cap //Information of captured packets is not provided here.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top