Brocade ADX – Packet Capture

The Brocade ADX provides the ability to capture network traffic which can then be viewed later for further analysis. This is achieved via the  debug filter.
Within this article we will provide the necessary steps required to configure, run, save and then export a debug filter.

Debug Filter Mode

First of all we enter the debug filter prompt.

[email protected]#debug filter
[email protected](debug-filter-all-BP)#

Buffer Attributes

Next we set the packet and buffer size, along with clearing the buffer.

[email protected](debug-filter-all-BP)#packet-size whole
[email protected](debug-filter-all-BP)#no buffer-size 10000
[email protected](debug-filter-all-BP)#buffer-size 10000

Configure Filters

Next we define our filters. This specifies which traffic will be captured.

[email protected](debug-filter-all-BP)#specify 1
[email protected](debug-filter-spec-1)#reset
[email protected](debug-filter-spec-1)#ip src 88.88.88.88
[email protected](debug-filter-spec-1)#exit
[email protected](debug-filter-all-BP)#specify 2
[email protected](debug-filter-spec-2)#reset
[email protected](debug-filter-spec-2)#ip dest 88.88.88.88
[email protected](debug-filter-spec-2)#exit

Apply / Show Filters

Once the filters are defined, they are applied.

[email protected](debug-filter-all-BP)#apply 1or2
[email protected](debug-filter-all-BP)#show apply

 Global Apply Expression: 1 or 2

It is also good practice to confirm that actual filter details just to ensure that there are no errors in what has been defined.

[email protected](debug-filter-all-BP)#show 1

Filter-ID: 1

        MAC filters:
                Src  MAC : ANY
                Dest MAC : ANY
                MAC Type : ANY
        IP filters:
                Src  IP  : 88.88.88.88
                Dest IP  : ANY
                Protocol : ANY
                Fragment : ANY
        ICMP filters:
                Type  : ANY
                Code  : ANY
        IP6 filters:
                Src  IP  : ANY
                Dest IP  : ANY
                Next-header : 0xff (255)
        ICMP6 filters:
                Type  : ANY
                Code  : ANY
        TCP filters:
                Src  port: ANY
                Dest port: ANY
                Flags    : None
        UDP filters:
                Src  port: ANY
                Dest port: ANY
        HTTP filters:
                Url      : ANY
                Cookie   : ANY
        Pattern filters:
                Pattern  : ANY

Start / Stop Capture

Next we set the debug filter to view (capture traffic on) all Barrel Processors. If you need to capture traffic whcih is destined/leaving the ADX (such as management or healthchecks) then you will need to view the management processor via the command “view mp”.
Following this the capture is started and then stopped for the duration that is required.

[email protected](debug-filter-all-BP)#view bp all
[email protected](debug-filter-all-BP)#start
[email protected](debug-filter-all-BP)#stop

Show Capture

To see a summary of the packets captures we issue the ‘summary’ command.

[email protected](debug-filter-all-BP)#summary

Save Capture

We next save the capture.

[email protected](debug-filter-all-BP)# pcap save /usb0/capture

Transfer Capture

Finally we export the capture to a TFTP server for further analysis (i.e Wireshark).

[email protected](debug-filter-all-BP)# exit
[email protected]#copy usb0  tftp <TFTP IP> capture.cap CAPTURE.CAP

Template

Below is a copy and paste template that can be used. Obviously the source and destination will need to be amended based on your networks.

debug filter

 packet-size whole
 no buffer-size 10000
 buffer-size 10000

 specify 1
 reset
 ip src 88.88.88.88
 exit
 specify 2
 reset
 ip dest 88.88.88.88
 exit
 
 apply 1or2

 view bp all
 start
 stop
 
 summary
 pcap save /usb0/capture
 exit
 
copy usb0  tftp <TFTP IP> capture.cap CAPTURE.CAP

 

Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial