HPE Knowledge Article

HPE 5500 EI Switch Series - How to use the Packet Capture Utility

Article Number: mmr_sf-en_us000005595

Environment

HP 5500-24G EI Switch
HPE A-Series Switches

Issue

How can one use the packet capture utility to create a trace for a specific protocol?

Cause

Resolution

In the following example, switch Rack4sw2 is configured to capture ICMP packets. A ping command is executed on switch Rack4sw3 with a destination of Rack4sw1. The packet capture buffer is saved to the file pcapbuffer.pcap and transferred to a TFTP server.
The configuration, verification, and testing associated with the diagram follow:

----- ACL configuration -----

display current-configuration configuration acl-adv
acl number 3000 name ICMP-Only
 rule 0 permit icmp
 rule 5 deny ip

----- ACL verification -----

display acl all
Advanced ACL 3000, named ICMP-Only, 2 rules,
ACL's step is 5
 rule 0 permit icmp
 rule 5 deny ip

----- Clear the packet capture buffer -----

reset packet capture buffer

----- Start the packet capture -----

packet capture start acl 3000 length 1500

----- Display the packet capture status and note the packet count -----

display packet capture status
  Current status : In process
  Mode : Linear
  Buffer size : 2097152 (bytes)
  Buffer used : 0 (bytes)
  Max capture length : 1500 (bytes)
  ACL information : Basic or advanced IPv4 ACL 3000
  Schedule datetime: Unspecified
  Upper limit of duration : Unspecified (seconds)
  Duration : 47 (seconds)
  Upper limit of packets : Unspecified
  Packets count : 0

----- Send ICMP ping packet -----

ping -c 1 192.168.4.1
  PING 192.168.4.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.4.1: bytes=56 Sequence=1 ttl=255 time=3 ms

  --- 192.168.4.1 ping statistics ---
    1 packet(s) transmitted
    1 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/3/3 ms

----- Display capture status and note the packet count -----

display packet capture status
  Current status : In process
  Mode : Linear
  Buffer size : 2097152 (bytes)
  Buffer used : 3056 (bytes)
  Max capture length : 1500 (bytes)
  ACL information : Basic or advanced IPv4 ACL 3000
  Schedule datetime: Unspecified
  Upper limit of duration : Unspecified (seconds)
  Duration : 414 (seconds)
  Upper limit of packets : Unspecified
  Packets count : 2

----- Stop the packet capture -----

packet capture stop

----- Verify capture information in the buffer -----

display packet capture buffer

2014-05-03 14:47:57:491 Index 1 GE1/0/6 102 (original 102) Bytes captured
  b8 af 67 e0 d2 77 b8 af 67 e1 12 f7 81 00 00 01
  08 00 45 00 00 54 47 4f 00 00 ff 01 eb 04 c0 a8
  04 03 c0 a8 04 01 08 00 29 74 08 5c 00 01 2e a2
  6d 4a 00 00 00 00 00 01 02 03 04 05 06 07 08 09
  0a 0b 0c 0d

2014-05-03 14:47:57:492 Index 2 GE1/0/9 102 (original 102) Bytes captured
  b8 af 67 e1 12 f7 b8 af 67 e0 d2 77 81 00 00 01
  08 00 45 00 00 54 f6 77 00 00 ff 01 3b dc c0 a8
  04 01 c0 a8 04 03 00 00 31 74 08 5c 00 01 2e a2
  6d 4a 00 00 00 00 00 01 02 03 04 05 06 07 08 09
  0a 0b 0c 0d

----- Save the capture buffer to a file -----

packet capture buffer save
Info: The file pcapbuffer.pcap exists. Overwrite it? [Y/N]:y...

----- Transfer file to tftp server -----

tftp tftp-server put pcapbuffer.pcap
  Resolved Host : tftp-server->10.181.252.102
  File will be transferred in binary mode
  Sending file to remote TFTP server. Please wait...
  TFTP: 260 bytes sent in 1 second(s).
  File uploaded successfully.

----- Open file with Wireshark and create text file -----

No.  Time      Source       Destination  Protocol  Length  Info
1    0.000000  192.168.4.3  192.168.4.1  ICMP      102     Echo (ping) request id=0x085c, seq=1/256, ttl=255

Ethernet II, Src: Hewlett-_e1:12:f7 (b8:af:67:e1:12:f7), Dst: Hewlett-_e0:d2:77 (b8:af:67:e0:d2:77)
    Destination: Hewlett-_e0:d2:77 (b8:af:67:e0:d2:77)
        Address: Hewlett-_e0:d2:77 (b8:af:67:e0:d2:77)
    Source: Hewlett-_e1:12:f7 (b8:af:67:e1:12:f7)
        Address: Hewlett-_e1:12:f7 (b8:af:67:e1:12:f7)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.4.3 (192.168.4.3), Dst: 192.168.4.1 (192.168.4.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 84
    Identification: 0x474f (18255)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: ICMP (1)
    Header checksum: 0xeb04 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.4.3 (192.168.4.3)
    Destination: 192.168.4.1 (192.168.4.1)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0x2974 [correct]
    Identifier (BE): 2140 (0x085c)
    Identifier (LE): 23560 (0x5c08)
    Sequence number (BE): 1 (0x0001)
    Sequence number (LE): 256 (0x0100)
    [Response In: 2]
    Data (56 bytes)

0000  2e a2 6d 4a 00 00 00 00 00 01 02 03 04 05 06 07   ..mJ............
0010  08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17   ................
0020  18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27   ........ !"#$%&'
0030  28 29 2a 2b 2c 2d 2e 2f                           ()*+,-./

        Data: 2ea26d4a00000000000102030405060708090a0b0c0d0e0f...
        [Length: 56]

No.  Time      Source       Destination  Protocol  Length  Info
2    0.001000  192.168.4.1  192.168.4.3  ICMP      102     Echo (ping) reply id=0x085c, seq=1/256, ttl=255

Ethernet II, Src: Hewlett-_e0:d2:77 (b8:af:67:e0:d2:77), Dst: Hewlett-_e1:12:f7 (b8:af:67:e1:12:f7)
    Destination: Hewlett-_e1:12:f7 (b8:af:67:e1:12:f7)
        Address: Hewlett-_e1:12:f7 (b8:af:67:e1:12:f7)
    Source: Hewlett-_e0:d2:77 (b8:af:67:e0:d2:77)
        Address: Hewlett-_e0:d2:77 (b8:af:67:e0:d2:77)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.4.1 (192.168.4.1), Dst: 192.168.4.3 (192.168.4.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 84
    Identification: 0xf677 (63095)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: ICMP (1)
    Header checksum: 0x3bdc [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.4.1 (192.168.4.1)
    Destination: 192.168.4.3 (192.168.4.3)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Internet Control Message Protocol
    Type: 0 (Echo (ping) reply)
    Code: 0
    Checksum: 0x3174 [correct]
    Identifier (BE): 2140 (0x085c)
    Identifier (LE): 23560 (0x5c08)
    Sequence number (BE): 1 (0x0001)
    Sequence number (LE): 256 (0x0100)
    [Response To: 1]
    [Response Time: 1.000 ms]
    Data (56 bytes)

0000  2e a2 6d 4a 00 00 00 00 00 01 02 03 04 05 06 07   ..mJ............
0010  08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17   ................
0020  18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27   ........ !"#$%&'
0030  28 29 2a 2b 2c 2d 2e 2f                           ()*+,-./

        Data: 2ea26d4a00000000000102030405060708090a0b0c0d0e0f...
        [Length: 56]

----- Physical interconnect -----

Rack4sw2  GE2/0/9  b8af-67eb-d2ee  GigabitEthernet1/0/9
Rack4sw3  GE1/0/6  b8af-67e1-12f6  GigabitEthernet2/0/6
Rack4sw1  GE1/0/9  b8af-67e0-d276  GigabitEthernet2/0/9
Rack4sw2  GE2/0/6  b8af-67eb-d2ee  GigabitEthernet1/0/6

Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
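Added example, not part of the HPE article: the two frames printed by "display packet capture buffer" can be checked on the console side before the file is exported, by decoding the Ethernet, 802.1Q, IPv4 and ICMP headers and recomputing the IPv4 header checksum. The function names are this example's own, and expected_pcap_size() assumes the switch writes a classic libpcap file, which is what the 260-byte TFTP transfer above is consistent with.

```python
import struct

# Frames exactly as printed by "display packet capture buffer" above; the
# switch shows only the first 68 of the 102 captured bytes of each frame.
FRAME_1 = ("b8 af 67 e0 d2 77 b8 af 67 e1 12 f7 81 00 00 01 08 00 45 00 00 54 "
           "47 4f 00 00 ff 01 eb 04 c0 a8 04 03 c0 a8 04 01 08 00 29 74 08 5c "
           "00 01 2e a2 6d 4a 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d")
FRAME_2 = ("b8 af 67 e1 12 f7 b8 af 67 e0 d2 77 81 00 00 01 08 00 45 00 00 54 "
           "f6 77 00 00 ff 01 3b dc c0 a8 04 01 c0 a8 04 03 00 00 31 74 08 5c "
           "00 01 2e a2 6d 4a 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d")

def ip_checksum_ok(header: bytes) -> bool:
    # One's-complement sum over the whole IPv4 header must fold to 0xFFFF.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(hex_dump: str) -> dict:
    raw = bytes.fromhex(hex_dump)          # fromhex() skips the spaces
    if len(raw) < 34:
        raise ValueError("dump too short for Ethernet + IPv4")
    ethertype, off, vlan = struct.unpack("!H", raw[12:14])[0], 14, None
    if ethertype == 0x8100:                # 802.1Q tag: TCI, then real type
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (ethertype 0x{ethertype:04x})")
    ihl = (raw[off] & 0x0F) * 4
    ip = raw[off:off + ihl]
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("IPv4 header truncated or malformed")
    out = {"dst_mac": raw[0:6].hex(":"), "src_mac": raw[6:12].hex(":"),
           "vlan": vlan, "proto": ip[9], "ip_checksum_ok": ip_checksum_ok(ip),
           "src_ip": ".".join(map(str, ip[12:16])),
           "dst_ip": ".".join(map(str, ip[16:20])),
           # True when the dump ends before the datagram: ICMP checksum unverifiable
           "truncated": len(raw) < off + int.from_bytes(ip[2:4], "big")}
    icmp = raw[off + ihl:off + ihl + 8]
    if ip[9] == 1 and len(icmp) == 8:
        t, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp)
        out.update(icmp_type=t, icmp_code=code, icmp_id=ident, icmp_seq=seq)
    return out

def expected_pcap_size(caplens) -> int:
    # Assumed classic libpcap layout: 24-byte file header + 16 bytes per record.
    return 24 + sum(16 + n for n in caplens)

if __name__ == "__main__":
    print(decode(FRAME_1), decode(FRAME_2), expected_pcap_size([102, 102]), sep="\n")
```

Because TFTP carries no integrity protection, comparing expected_pcap_size() for the packet count and lengths shown on the switch against the byte count reported by the transfer is a quick sanity check that the exported file is complete.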