Capturing packets to view IPSec encrypted data packets

If you cannot capture packets on firewall interfaces but you want to view packet loss information, you can use the quintuple packet capture statistics function. The operation is as follows: 1. Create an ACL. [system] acl 3999 [system-acl-adv-3999] rule 5 permit icmp source 10.2.4.2 0 destination 10.2.2.2 0 [system] diagnose [system-diagnose] firewall statistic acl 3999 enable 3. View quintuple packet capture statistics information. system-view [sysname] diagnose [sysname-diagnose] display firewall statistics acl ******************************************************************************** * Summary of ACL-based packet statistics * ******************************************************************************** SLOT 1 CPU 1 RcvnFrag RcvFrag Forward DisnFrag DisFrag Obverse(pkts) : 100 0 95 0 0 Reverse(pkts) : 100 0 100 0 0 SLOT 1 CPU 3 RcvnFrag RcvFrag Forward DisnFrag DisFrag Obverse(pkts) : 2 0 2 0 0 Reverse(pkts) : 1 0 1 0 0 SLOT: 2 Fastforward Discard Obverse(pkts) : 98 0 Reverse(pkts) : 999 0 Detailed information of discarded packets: ******************************************************************************** * Detailed information of ACL-based packet statistics * ******************************************************************************** Protocol(udp) SourceIp(10.2.4.2) DestinationIp(10.2.2.2) SourcePort(333) DestinationPort(444) VpnIndex(public) RcvnFrag RcvFrag Forward DisnFrag DisFrag Obverse(pkts) : 2 0 2 0 0 Reverse(pkts) : 1 0 1 0 0 Discard detail information: Protocol(udp) SourceIp(10.2.4.2) DestinationIp(10.2.2.2) SourcePort(555) DestinationPort(666) VpnIndex(public) RcvnFrag RcvFrag Forward DisnFrag DisFrag Obverse(pkts) : 100 0 95 5 0 Reverse(pkts) : 100 0 100 0 0 Discard detail information: Packet filter packets discarded: 5 Please check the security policy and whether the interface added to a security zone. 4. After locating the problem, run the undo firewall statistics acl command to disable the quintuple packet statistics function to prevent adverse impact on device performance.

You can view a captured IPSec-encrypted packet as follows: On the USG firewall, check whether an IPSec packet can be captured. The USG firewall can capture an IPSec packet but you cannot view the protected packet.

USG can capture and view the IPSec protocol packets, but can not view the protected data packets

S series switches (except S1700 switches) support the packet capturing function. This function can be used if you need to capture packets for analysis. Packets that can be captured include service packets and packets sent to the CPU. Configuration example: 1. Capturing service packets [HUAWEI] capture-packet interface gigabitethernet 1/0/1 destination file capture.cap terminal //Information of captured packets is not provided here. 2. Capturing packets sent to the CPU [HUAWEI] capture-packet cpu destination file cfcard:/abc.cap //Information of captured packets is not provided here.

To capture signaling packets on a VP9000 series MCU, perform the following operations: Log in to the MCU web interface, choose Settings > Maintenance > Signaling Diagnostics, click Start, reproduce the problem, click Stop, and export captured signaling packets. To capture signaling packets on a ViewPoint 8000 series MCU, perform the following operations: Log in to the MCU web interface, choose Settings > Maintenance > Signaling Diagnostics, and start signaling packet capture. Reproduce the problem. After packet capture ends, click Export to export signaling diagnostics or captured packets.