Prerequisites; Packet Capture Configuration Task List; Capturing Packets - HPE FlexNetwork 5510 HI Series Network Management And Monitoring Configuration Manual

Packet field expressions contain only packet field strings. For example, tcp.flags.syn displays all
TCP packets that contain the SYN bit field.
The proto[...] expression
Use this type of expression to display packets that contain specific field values.
This type of expression contains the following elements:
•
proto—Specifies a protocol layer or packet field.
•
[...]—Matches a number of bytes relative to a protocol layer or packet field. Values for the bytes
to be matched must be a hexadecimal integer string. The expression in brackets can use the
following formats:
[n:m]—Matches a total of m bytes after an offset of n bytes from the beginning of the

specified protocol layer or field. To match only 1 byte, you can use both [n] and [n:1] formats.
For example, eth.src[0:3]==00:00:83 matches an Ethernet frame if the first three bytes of
its source MAC address are 0x00, 0x00, and 0x83. The eth.src[2] == 83 expression
matches an Ethernet frame if the third byte of its source MAC address is 0x83.
[n-m]—Matches a total of (m-n+1) bytes, starting from the (n+1)th byte relative to the

beginning of the specified protocol layer or packet field. For example, eth.src[1-2]==00:83
matches an Ethernet frame if the second and third bytes of its source MAC address are
0x00 and 0x83, respectively.

Prerequisites

To use the packet capture feature, you must install the feature image packet-capture by using the
boot-loader command. For more information about the commands, see Fundamentals Command
Reference.

Packet capture configuration task list

Tasks at a glance
(Required.)
(Optional.) Displaying the contents in a packet file

Capturing packets

IMPORTANT:
To capture or display desired packets, make sure the filter expressions do not conflict. The system
does not check for logic errors.
Packet capture captures only packets that are forwarded through CPU. To capture packets that are
forwarded through chips, you must configure a QoS policy to mirror packets to the CPU. For more
information about mirroring, see
The capture displays captured packets in real time. You can configure the capture to save captured
packets to a file or filter packets to display.
You cannot configure the device from the CLI while the capture is operating. To stop the capture
while it is capturing packets, press Ctrl+C. There might be a delay for the capture to stop because of
heavy traffic.
To capture packets:
Capturing packets
"Configuring flow
Remarks
N/A
This task is available only if you configure the
capture to save packets to a file.
mirroring."
240