Whether the USG6000 supports capturing packets

9

You can enable the packet capture function on the USG6000 as follows:

1. Enable the packet capture function through the CLI as follows:
a. Define the packet capture range. In this example, packets from 192.168.1.0 are captured.
system-view
Enter system view, return user view with Ctrl+Z.
[sysname] acl 3000
[sysname-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255
[sysname-acl-adv-3000] quit

b. Run the following command to put all IPv4 packets passing the interface and matching ACL 3000 to the packet sending queue.
[sysname] packet-capture ipv4-packet 3000 interface GigabitEthernet 1/0/1

c. Start to capture packets.
[sysname] packet-capture startup manual

d. Save packets in the specified queue as file 1.cap on the device. The default directory is hda1:/.
[sysname] packet-capture queue 0 to-file 1.cap

e. After packet capture completes, terminate the packet capture process.
[sysname] undo packet-capture startup

f. Use FTP to download file 1.cap from the device, use the Wireshark to open the file, and analyze the captured packets.

Other related questions:
Whether the USG2000&5000 support capturing packets
You can enable the packet capture function on the USG2000&5000 as follows: 1. Configure the packet capture queue. [USG] packet-capture all-packet queue 0 interface GigabitEthernet 0/0/1 2. Enable the packet capture function. [USG] packet-capture startup manual 3. Save packets in the specified queue as file 1.cap on the device. The default directory is hda1:/. [USG] packet-capture queue 0 to-file 1.cap 4. Use FTP to download file 1.cap from the device, use the packet capture software to open the file, and analyze the captured packets. 5. Clear the packet capture queue and release the memory. After confirming that the host has completed receiving the packets, delete all packets from the queue. reset packet-capture queue 0

Meaning of quintuple packet capture for the USG6000 series
Quintuple packet capture enables the USG6000 series to copy the passing packets and save or display them in a certain format on the USG. If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

S series switch packets capture
S series switches (except S1700 switches) support the packet capturing function. This function can be used if you need to capture packets for analysis. Packets that can be captured include service packets and packets sent to the CPU. Configuration example: 1. Capturing service packets [HUAWEI] capture-packet interface gigabitethernet 1/0/1 destination file capture.cap terminal //Information of captured packets is not provided here. 2. Capturing packets sent to the CPU [HUAWEI] capture-packet cpu destination file cfcard:/abc.cap //Information of captured packets is not provided here.

Can mirrored packets be saved
Yes. Run the capture-packet command to configure the packet capturing function. The packets captured can be displayed directly on a terminal or be stored in the storage media of the device.

How do I capture packets of a TE series endpoint?
The method of capturing packets of TE30 is as follows: TE30 has only one network port. To capture packets, switch port mirroring must be performed first and then the Wirshark can be used for packet capture. The method of capturing packets of TE40, TE50, and TE60 is as follows: Log in to the endpoint web interface, choose System Settings > Network > IP > Common Settings and enable the hub network port mode. Then the PC can be connected to the LAN2 network port for packet capture using a tool such as Wirshark.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top