Brocade ADX - Packet Capture

The Brocade ADX provides the ability to capture network traffic which can then be viewed later for further analysis. This is achieved via the  debug filter.
Within this article we will provide the necessary steps required to configure, run, save and then export a debug filter.

Debug Filter Mode

First of all we enter the debug filter prompt.

SSH@adx#debug filter

Buffer Attributes

Next we set the packet and buffer size, along with clearing the buffer.

SSH@adx(debug-filter-all-BP)#packet-size whole
SSH@adx(debug-filter-all-BP)#no buffer-size 10000
SSH@adx(debug-filter-all-BP)#buffer-size 10000

Configure Filters

Next we define our filters. This specifies which traffic will be captured.

SSH@adx(debug-filter-all-BP)#specify 1
SSH@adx(debug-filter-spec-1)#ip src
SSH@adx(debug-filter-all-BP)#specify 2
SSH@adx(debug-filter-spec-2)#ip dest

Apply / Show Filters

Once the filters are defined, they are applied.

SSH@adx(debug-filter-all-BP)#apply 1or2
SSH@adx(debug-filter-all-BP)#show apply

 Global Apply Expression: 1 or 2

It is also good practice to confirm that actual filter details just to ensure that there are no errors in what has been defined.

SSH@adx(debug-filter-all-BP)#show 1

Filter-ID: 1

        MAC filters:
                Src  MAC : ANY
                Dest MAC : ANY
                MAC Type : ANY
        IP filters:
                Src  IP  :
                Dest IP  : ANY
                Protocol : ANY
                Fragment : ANY
        ICMP filters:
                Type  : ANY
                Code  : ANY
        IP6 filters:
                Src  IP  : ANY
                Dest IP  : ANY
                Next-header : 0xff (255)
        ICMP6 filters:
                Type  : ANY
                Code  : ANY
        TCP filters:
                Src  port: ANY
                Dest port: ANY
                Flags    : None
        UDP filters:
                Src  port: ANY
                Dest port: ANY
        HTTP filters:
                Url      : ANY
                Cookie   : ANY
        Pattern filters:
                Pattern  : ANY

Start / Stop Capture

Next we set the debug filter to view (capture traffic on) all Barrel Processors. If you need to capture traffic whcih is destined/leaving the ADX (such as management or healthchecks) then you will need to view the management processor via the command "view mp".
Following this the capture is started and then stopped for the duration that is required.

SSH@adx(debug-filter-all-BP)#view bp all

Show Capture

To see a summary of the packets captures we issue the 'summary' command.


Save Capture

We next save the capture.

SSH@adx(debug-filter-all-BP)# pcap save /usb0/capture

Transfer Capture

Finally we export the capture to a TFTP server for further analysis (i.e Wireshark).

SSH@adx(debug-filter-all-BP)# exit
SSH@adx#copy usb0  tftp <TFTP IP> capture.cap CAPTURE.CAP


Below is a copy and paste template that can be used. Obviously the source and destination will need to be amended based on your networks.

debug filter

 packet-size whole
 no buffer-size 10000
 buffer-size 10000

 specify 1
 ip src
 specify 2
 ip dest
 apply 1or2

 view bp all
 pcap save /usb0/capture
copy usb0  tftp <TFTP IP> capture.cap CAPTURE.CAP


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001