The Brocade ADX provides the ability to capture network traffic which can then be viewed later for further analysis. This is achieved via the debug filter.
Within this article we will provide the necessary steps required to configure, run, save and then export a debug filter.
Debug Filter Mode
First of all we enter the debug filter prompt.
SSH@adx#debug filter
SSH@adx(debug-filter-all-BP)#
Buffer Attributes
Next we set the packet and buffer size, along with clearing the buffer.
SSH@adx(debug-filter-all-BP)#packet-size whole
SSH@adx(debug-filter-all-BP)#no buffer-size 10000
SSH@adx(debug-filter-all-BP)#buffer-size 10000
Configure Filters
Next we define our filters. This specifies which traffic will be captured.
SSH@adx(debug-filter-all-BP)#specify 1
SSH@adx(debug-filter-spec-1)#reset
SSH@adx(debug-filter-spec-1)#ip src 88.88.88.88
SSH@adx(debug-filter-spec-1)#exit
SSH@adx(debug-filter-all-BP)#specify 2
SSH@adx(debug-filter-spec-2)#reset
SSH@adx(debug-filter-spec-2)#ip dest 88.88.88.88
SSH@adx(debug-filter-spec-2)#exit
Apply / Show Filters
Once the filters are defined, they are applied.
SSH@adx(debug-filter-all-BP)#apply 1or2
SSH@adx(debug-filter-all-BP)#show apply
Global Apply Expression: 1 or 2
It is also good practice to confirm the actual filter details, to ensure that there are no errors in what has been defined.
SSH@adx(debug-filter-all-BP)#show 1
Filter-ID: 1
MAC filters:
Src MAC : ANY
Dest MAC : ANY
MAC Type : ANY
IP filters:
Src IP : 88.88.88.88
Dest IP : ANY
Protocol : ANY
Fragment : ANY
ICMP filters:
Type : ANY
Code : ANY
IP6 filters:
Src IP : ANY
Dest IP : ANY
Next-header : 0xff (255)
ICMP6 filters:
Type : ANY
Code : ANY
TCP filters:
Src port: ANY
Dest port: ANY
Flags : None
UDP filters:
Src port: ANY
Dest port: ANY
HTTP filters:
Url : ANY
Cookie : ANY
Pattern filters:
Pattern : ANY
Start / Stop Capture
Next we set the debug filter to view (capture traffic on) all Barrel Processors. If you need to capture traffic which is destined for or leaving the ADX itself (such as management or health checks), you will need to view the management processor via the command “view mp”.
Following this the capture is started and then stopped for the duration that is required.
SSH@adx(debug-filter-all-BP)#view bp all
SSH@adx(debug-filter-all-BP)#start
SSH@adx(debug-filter-all-BP)#stop
Show Capture
To see a summary of the packets captured we issue the ‘summary’ command.
SSH@adx(debug-filter-all-BP)#summary
Save Capture
We next save the capture.
SSH@adx(debug-filter-all-BP)# pcap save /usb0/capture
Transfer Capture
Finally we export the capture to a TFTP server for further analysis (e.g. in Wireshark).
SSH@adx(debug-filter-all-BP)# exit
SSH@adx#copy usb0 tftp <TFTP IP> capture.cap CAPTURE.CAP
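As an added example (not part of the original article or any Brocade tooling), the Python below checks an exported capture against the two filters defined above by counting packets that match filter 1 (source 88.88.88.88), filter 2 (destination 88.88.88.88), or neither. It assumes the exported file is a classic libpcap file with Ethernet framing; the function names and the 10.0.0.x addresses in the sample are constructed for illustration.

```python
import io
import socket
import struct

def tally_by_filter(pcap_bytes, host):
    """Count packets matching filter 1 (src == host), filter 2 (dest == host), or neither."""
    stream = io.BytesIO(pcap_bytes)
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")  # assumption: Ethernet frames
    target = socket.inet_aton(host)
    counts = {"filter1_src": 0, "filter2_dest": 0, "unmatched": 0}
    while True:
        record = stream.read(16)  # ts_sec, ts_usec, incl_len, orig_len
        if len(record) < 16:
            break
        incl_len = struct.unpack(endian + "IIII", record)[2]
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            break  # truncated final record, e.g. an interrupted transfer
        ethertype, ip_at = frame[12:14], 14
        if ethertype == b"\x81\x00":  # skip a single 802.1Q VLAN tag
            ethertype, ip_at = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < ip_at + 20:
            counts["unmatched"] += 1  # not IPv4, so neither IP filter applies
        elif frame[ip_at + 12:ip_at + 16] == target:
            counts["filter1_src"] += 1
        elif frame[ip_at + 16:ip_at + 20] == target:
            counts["filter2_dest"] += 1
        else:
            counts["unmatched"] += 1
    return counts

def build_sample_capture():
    """Constructed sample: three Ethernet/IPv4 frames in a little-endian pcap."""
    def frame(src, dst):
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return eth + ip
    pairs = [("88.88.88.88", "10.0.0.5"), ("10.0.0.5", "88.88.88.88"), ("10.0.0.5", "10.0.0.9")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(s, d) for s, d in pairs):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

print(tally_by_filter(build_sample_capture(), "88.88.88.88"))
```

A non-zero "unmatched" count on a real capture means packets were recorded that neither filter describes, which is worth checking against the output of ‘show apply’.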
Template
Below is a copy and paste template that can be used. Obviously the source and destination will need to be amended based on your networks.
debug filter
packet-size whole
no buffer-size 10000
buffer-size 10000
specify 1
reset
ip src 88.88.88.88
exit
specify 2
reset
ip dest 88.88.88.88
exit
apply 1or2
view bp all
start
stop
summary
pcap save /usb0/capture
exit
copy usb0 tftp <TFTP IP> capture.cap CAPTURE.CAP