The Brocade ADX provides the ability to capture network traffic which can then be viewed later for further analysis. This is achieved via the debug filter.
Within this article we will provide the necessary steps required to configure, run, save and then export a debug filter.
Debug Filter Mode
First of all we enter the debug filter prompt.
[email protected]#debug filter
[email protected](debug-filter-all-BP)#
Buffer Attributes
Next we set the packet and buffer size, along with clearing the buffer.
[email protected](debug-filter-all-BP)#packet-size whole
[email protected](debug-filter-all-BP)#no buffer-size 10000
[email protected](debug-filter-all-BP)#buffer-size 10000
Configure Filters
Next we define our filters. This specifies which traffic will be captured.
[email protected](debug-filter-all-BP)#specify 1
[email protected](debug-filter-spec-1)#reset
[email protected](debug-filter-spec-1)#ip src 88.88.88.88
[email protected](debug-filter-spec-1)#exit
[email protected](debug-filter-all-BP)#specify 2
[email protected](debug-filter-spec-2)#reset
[email protected](debug-filter-spec-2)#ip dest 88.88.88.88
[email protected](debug-filter-spec-2)#exit
Apply / Show Filters
Once the filters are defined, they are applied.
[email protected](debug-filter-all-BP)#apply 1or2
[email protected](debug-filter-all-BP)#show apply
Global Apply Expression: 1 or 2
It is also good practice to confirm the actual filter details, to ensure that there are no errors in what has been defined.
[email protected](debug-filter-all-BP)#show 1
Filter-ID: 1
MAC filters:
Src MAC : ANY
Dest MAC : ANY
MAC Type : ANY
IP filters:
Src IP : 88.88.88.88
Dest IP : ANY
Protocol : ANY
Fragment : ANY
ICMP filters:
Type : ANY
Code : ANY
IP6 filters:
Src IP : ANY
Dest IP : ANY
Next-header : 0xff (255)
ICMP6 filters:
Type : ANY
Code : ANY
TCP filters:
Src port: ANY
Dest port: ANY
Flags : None
UDP filters:
Src port: ANY
Dest port: ANY
HTTP filters:
Url : ANY
Cookie : ANY
Pattern filters:
Pattern : ANY
Start / Stop Capture
Next we set the debug filter to view (capture traffic on) all Barrel Processors. If you need to capture traffic which is destined for or leaving the ADX itself (such as management traffic or health checks), then you will need to view the management processor via the command “view mp”.
Following this the capture is started and then stopped for the duration that is required.
[email protected](debug-filter-all-BP)#view bp all
[email protected](debug-filter-all-BP)#start
[email protected](debug-filter-all-BP)#stop
Show Capture
To see a summary of the packets captured we issue the ‘summary’ command.
[email protected](debug-filter-all-BP)#summary
Save Capture
We next save the capture.
[email protected](debug-filter-all-BP)# pcap save /usb0/capture
Transfer Capture
Finally we export the capture to a TFTP server for further analysis (e.g. in Wireshark).
[email protected](debug-filter-all-BP)# exit
[email protected]#copy usb0 tftp <TFTP IP> capture.cap CAPTURE.CAP
Template
Below is a copy and paste template that can be used. Obviously the source and destination will need to be amended based on your networks.
debug filter
packet-size whole
no buffer-size 10000
buffer-size 10000
specify 1
reset
ip src 88.88.88.88
exit
specify 2
reset
ip dest 88.88.88.88
exit
apply 1or2
view bp all
start
stop
summary
pcap save /usb0/capture
exit
copy usb0 tftp <TFTP IP> capture.cap CAPTURE.CAP
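Once the capture is on the analysis host, it is worth checking that it contains what the filter expression was meant to select. The following is an added example, not part of the original article or of any Brocade tooling: it assumes the exported file is in the classic libpcap format with an Ethernet link type, the function names are hypothetical, and the sample capture is constructed inline.

```python
import socket
import struct

def count_matches(pcap: bytes, ip: str):
    """Return (total, matched): records whose IPv4 src or dest equals ip."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian writer
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian writer
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    want = socket.inet_aton(ip)
    off, total, matched = 24, 0, 0
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break                      # truncated final record
        off += 16 + incl
        total += 1
        l3, etype = 14, frame[12:14]
        if etype == b"\x81\x00":       # skip one 802.1Q VLAN tag
            l3, etype = 18, frame[16:18]
        if etype == b"\x08\x00" and len(frame) >= l3 + 20:
            if want in (frame[l3 + 12:l3 + 16], frame[l3 + 16:l3 + 20]):
                matched += 1
    return total, matched

def _record(src: str, dst: str) -> bytes:
    """Constructed record: zeroed MACs plus a bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture (not from a real ADX): two packets that match
# "ip src 88.88.88.88" or "ip dest 88.88.88.88", and one that does not.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record("88.88.88.88", "10.0.0.5")
          + _record("10.0.0.5", "88.88.88.88")
          + _record("10.0.0.9", "10.0.0.5"))

if __name__ == "__main__":
    total, matched = count_matches(SAMPLE, "88.88.88.88")
    print(f"{matched} of {total} packets involve 88.88.88.88")
```

For a real export, pass the bytes of the transferred file instead of SAMPLE; a matched count lower than the total suggests the applied expression was not the one intended.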