cancel
Showing results for 
Search instead for 
Did you mean: 

Locally packet capture on ICX ?

miroslav_vukov1
New Contributor
Hi, is there an option to capture packets from certain interface to local memory on ICX switches ?
I can use port mirroring but only if I'm on site where that switch is. I need a solution to capture packet remotely.

Any help would be appreciated.
Thanks

mIRO
3 ACCEPTED SOLUTIONS

vu_pham_ghtztqm
New Contributor III

hashim_bharooc1
RUCKUS Team Member
Hi Miroslav,
We do not support pcap capabilities on ICX.

We do have a dm raw utility, this will ONLY capture packets hitting the ICX, for example
Broadcast
Unknown Unicast
Multicast
Protocol Packets.

Please see video with dm raw example:
https://www.youtube.com/watch?v=6a18tpkE_y4

For ssh /telnet sessions we need to find your session:
show who
7650#sh who
Console connections (by unit number):
 1      established, monitor enabled, privilege super-user
        you are connecting to this session
        2 second(s) in idle
Telnet server status: Enabled
then debug  destination
then run dm raw, please watch video above.
Also we can get context sensitive help on dm raw and it shows all options.
But this will require TAC case to help you debug.

Hope this helps
Thanks
Hashim




View solution in original post

jijo_panangat
RUCKUS Team Member
Hi Miro,

On ICX switches the feature to save packet capture locally on the flash/memory isn't available but Using ERSPAN, you can encapsulate monitored traffic and send it to an analysis station not directly connected to the switch.

Pls refer monitoring guide for more details.
http://docs.ruckuswireless.com/fastiron/08.0.70/fastiron-08070-monitoringguide/GUID-40AA6E17-B2A6-49...

Thanks
Jijo 

View solution in original post

5 REPLIES 5

vu_pham_ghtztqm
New Contributor III
Hi - You can try ERSPAN feature to send the capture traffic to a remote host.

http://docs.ruckuswireless.com/fastiron/08.0.70/fastiron-08070-monitoringguide/GUID-EF051D2A-CAB7-45...

hashim_bharooc1
RUCKUS Team Member
Hi Miroslav,
We do not support pcap capabilities on ICX.

We do have a dm raw utility, this will ONLY capture packets hitting the ICX, for example
Broadcast
Unknown Unicast
Multicast
Protocol Packets.

Please see video with dm raw example:
https://www.youtube.com/watch?v=6a18tpkE_y4

For ssh /telnet sessions we need to find your session:
show who
7650#sh who
Console connections (by unit number):
 1      established, monitor enabled, privilege super-user
        you are connecting to this session
        2 second(s) in idle
Telnet server status: Enabled
then debug  destination
then run dm raw, please watch video above.
Also we can get context sensitive help on dm raw and it shows all options.
But this will require TAC case to help you debug.

Hope this helps
Thanks
Hashim




hashim_bharooc1
RUCKUS Team Member
Hi Miroslav,
We do not support pcap capabilities on ICX.We do have a dm raw utility, this will ONLY capture packets hitting the ICX, for example
Broadcast
Unknown Unicast
Multicast
Protocol Packets.Please see video with dm raw example:
https://www.youtube.com/watch?v=6a18tpkE_y4For ssh /telnet sessions we need to find your session:
show who
7650#sh who
Console connections (by unit number):
 1     established, monitor enabled, privilege super-user
       you are connecting to this session
       2 second(s) in idle
Telnet server status: Enabled
then debug destination
then run dm raw, please watch video above.
Also we can get context sensitive help on dm raw and it shows all options.
But this will require TAC case to help you debug.Hope this helps
Thanks
Hashim

Image_ images_messages_5f91c459135b77e247a3a46c_b757200c4d5b75c4f78256cee0a746c5_c1o1wi32.he32.siurlhttps3A2F2F-891a7276-fb48-42a9-bad6-1b137a625d24-2137326419.pngYouTube | Terry Henry
BROCADE ICX TROUBLESHOOTING HIGH CPU WITH DM RAW








miroslav_vukov1
New Contributor
Hi,
ERSPAN is what I need, actually it is a lot better. I've mirrored uplink port on a switch to my computer with packet analyzer over OpenVPN connection. I just filtered GRE protocol and got all the packets from uplink port. Great!

"dm raw" is also a great tool I didn't knew about it. I'm sure I will use it in the future for tshooting.


Thanks guys 😉
mIRO