Posted by Reimund at 2022-03-23 10:00
I know, but I need the exact command to do remote capturing.
Hello, friend!
Assume that the index of the remote packet capture item is 1, the packet capture direction is egress port packets, the user-defined ACL rule is used, and the matching port number is 0/3/0. To configure the remote packet capture item, do as follows:
huawei(diagnose)%%capture item
{itemindex<U><1,5>}:1
{bidirection<K>|inbound<K>|outbound<K>}:outbound
{ip-group<K>|link-group<K>|user-group<K>}:user-group
{aclnum<U><5000,5999>}:5500
{rule<K>}:rule
{ruleindex<U><0,4294967294>}:1
{board<K>|frame<K>|port<K>}:port
{frameid/slotid/portid<S><Length 5-15>}:0/3/0
Command:
capture item 1 outbound user-group 5500 rule 1 port 0/3/0
To cancel the remote packet capture item with the index of 1, do as follows:
huawei(diagnose)#undo capture item
{itemindex<U><1,5>}:1
Command:
undo capture item 1
To enable the remote packet capture function, set the number of captured packets to 1000, use the static buffer, and print the captured packets to the terminal interface when the packet capture stops, do as follows:
huawei(diagnose)%%capture start -c 1000 -print -static-buffer
{ <cr>|-t<K>||<K> }:
Command:
capture start -c 1000 -print -static-buffer
Warning: This command is used for only fault locating, which may affect normal
services. Therefore, exercise caution when running this command
The configured packet capture duration is 30 minutes and packet capture
number is 1000
After execution of this command, run the capture stop command to release
resources so that other services are not affected due to long-term resource
occupation
Info: Start to packet capture. This may take a long time. Do you want to wait
for packet capture completion and print information?(y/n)[n]:y
During the waiting, press CTRL_C to stop. If waiting stops and packet capture
completes, the information is printed immediately. Alternatively, run the
capture stop command to stop packet capture in advance and print information
To stop the packet capture test (the capture start command does not use the keyword -print), do as follows:
huawei(diagnose)%%capture stop
{ <cr>||<K> }:
Command:
capture stop
To stop the packet capture test, where the capture start command uses the keyword -print, do as follows:
huawei(diagnose)%%capture stop
{ <cr>||<K> }:
Command:
capture stop
This operation will take several minutes, Please wait...
Total captured number: 2
------------------------------------------------------------------------------
Packet SN: 1
Packet captured time: 2022-03-23 10:00+08:00
Packet length: 22
0x0000: 50 61 63 6b 65 74 49 6e 66 6f 5f 74 65 73 74 30 PacketInfo_test0
0x0010: 30 31 00 00 ff ff 01....
------------------------------------------------------------------------------
Packet SN: 2
Packet captured time: 2022-03-23 10:00+08:00
Packet length: 34
0x0000: 50 61 63 6b 65 74 49 6e 66 6f 5f 74 65 73 74 30 PacketInfo_test0
0x0010: 30 31 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 01..............
0x0020: ff ff ..
------------------------------------------------------------------------------
Configuring the File Server and File Storage Path
huawei(diagnose)%%file-server auto-backup debug primary 10.240.23.4 sftp path ftproot user
huawei(diagnose)%%file-server auto-backup board-info primary 10.240.23.4 sftp path ftproot user
Configuring Service Port-Based Packet Capture
huawei(diagnose)%%capture service-port 2184 capture-time 600
huawei(diagnose)%%capture start ------Start Capture
huawei(diagnose)%%capture stop ------Stop Capture
huawei(diagnose)%%display capture statistics ----Querying the Packet Capture and Upload Status
huawei(diagnose)%%undo capture service-port ----Deleting Packet Capture Based on Service Flows
Deleting the file server
huawei(diagnose)%%undo file-server auto-backup debug primary
huawei(diagnose)%%undo file-server auto-backup board-info primary
Thanks!
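For offline analysis of what `capture stop` prints, the sketch below turns that printout back into raw packet bytes and checks each packet against its declared "Packet length". It is an added example, not part of the original post or any Huawei tooling; `parse_capture` is a hypothetical helper and the row layout (up to 16 hex bytes followed by an ASCII column) is assumed from the sample output above.

```python
import re

# Printout copied from the post above (the device's own sample output).
SAMPLE = """\
Total captured number: 2
------------------------------------------------------------------------------
Packet SN: 1
Packet captured time: 2022-03-23 10:00+08:00
Packet length: 22
0x0000: 50 61 63 6b 65 74 49 6e 66 6f 5f 74 65 73 74 30 PacketInfo_test0
0x0010: 30 31 00 00 ff ff 01....
------------------------------------------------------------------------------
Packet SN: 2
Packet captured time: 2022-03-23 10:00+08:00
Packet length: 34
0x0000: 50 61 63 6b 65 74 49 6e 66 6f 5f 74 65 73 74 30 PacketInfo_test0
0x0010: 30 31 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 01..............
0x0020: ff ff ..
"""

HEX_LINE = re.compile(r"^0x([0-9a-fA-F]{4}):\s*(.*)$")
HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")

def parse_capture(text):
    """Hypothetical helper: return [{'sn', 'length', 'data'}, ...] per packet."""
    packets, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEX_LINE.match(line)
        if line.startswith("Packet SN:"):
            cur = {"sn": int(line.split(":", 1)[1]), "length": None, "data": b""}
            packets.append(cur)
        elif line.startswith("Packet length:") and cur is not None:
            cur["length"] = int(line.split(":", 1)[1])
        elif m and cur is not None and cur["length"] is not None:
            offset = int(m.group(1), 16)
            # The declared length says how many tokens on this row are data;
            # the rest is the ASCII column, which can itself look like hex ("01....").
            want = min(16, cur["length"] - offset)
            tokens = m.group(2).split()[:max(want, 0)]
            if (want <= 0 or offset != len(cur["data"]) or len(tokens) != want
                    or not all(HEX_BYTE.fullmatch(t) for t in tokens)):
                raise ValueError(f"packet {cur['sn']}: bad row at 0x{offset:04x}")
            cur["data"] += bytes(int(t, 16) for t in tokens)
    for p in packets:
        if p["length"] is None or len(p["data"]) != p["length"]:
            raise ValueError(f"packet {p['sn']}: got {len(p['data'])} bytes, "
                             f"declared {p['length']}")
    return packets

if __name__ == "__main__":
    for p in parse_capture(SAMPLE):
        print(p["sn"], p["length"], p["data"].hex())
```

A `ValueError` here usually means the terminal log was truncated or wrapped while the printout was being saved, so the capture should be re-exported before anyone relies on the bytes.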