Wed, Sep 30, 2020 12:53 PM

Locally packet capture on ICX ?

Hi, is there an option to capture packets from a certain interface to local memory on ICX switches?
I can use port mirroring but only if I'm on site where that switch is. I need a solution to capture packets remotely.

Any help would be appreciated.
Thanks

mIRO

Responses

Accepted Solution

Official Solution

Employee

2 months ago

Hi Miro,

On ICX switches the feature to save a packet capture locally on the flash/memory isn't available, but using ERSPAN you can encapsulate monitored traffic and send it to an analysis station not directly connected to the switch.

Please refer to the monitoring guide for more details.
http://docs.ruckuswireless.com/fastiron/08.0.70/fastiron-08070-monitoringguide/GUID-40AA6E17-B2A6-49...

Thanks
Jijo 

Accepted Solution

Employee

2 months ago

Hi - You can try the ERSPAN feature to send the captured traffic to a remote host.

http://docs.ruckuswireless.com/fastiron/08.0.70/fastiron-08070-monitoringguide/GUID-EF051D2A-CAB7-45...

Accepted Solution

Employee

2 months ago

Hi Miroslav,
We do not support pcap capabilities on ICX.

We do have a dm raw utility, this will ONLY capture packets hitting the ICX, for example
Broadcast
Unknown Unicast
Multicast
Protocol Packets.

Please see video with dm raw example:
https://www.youtube.com/watch?v=6a18tpkE_y4

For SSH/Telnet sessions we need to find your session:
show who
7650#sh who
Console connections (by unit number):
 1      established, monitor enabled, privilege super-user
        you are connecting to this session
        2 second(s) in idle
Telnet server status: Enabled
then debug destination
then run dm raw, please watch video above.
Also we can get context sensitive help on dm raw and it shows all options.
But this will require TAC case to help you debug.

Hope this helps
Thanks
Hashim




YouTube | Terry Henry: BROCADE ICX TROUBLESHOOTING HIGH CPU WITH DM RAW








2 months ago

Hi,
ERSPAN is what I need, actually it is a lot better. I've mirrored the uplink port on a switch to my computer with a packet analyzer over an OpenVPN connection. I just filtered on the GRE protocol and got all the packets from the uplink port. Great!

"dm raw" is also a great tool, I didn't know about it. I'm sure I will use it in the future for tshooting.


Thanks guys ;)
mIRO
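
Added example (not part of the original thread and not Ruckus code): a minimal decapsulator for the GRE-encapsulated mirror traffic discussed above, recovering the mirrored Ethernet frame and the ERSPAN session metadata at the analysis station. It assumes the switch sends ERSPAN Type II (GRE protocol 0x88BE, sequence bit set, 8-byte ERSPAN header); the function names and the sample packet are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type for ERSPAN Type II (assumed framing)

def decap_erspan(ip_packet: bytes) -> dict:
    """Recover the mirrored Ethernet frame from an outer IPv4/GRE/ERSPAN packet."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != 47:           # IP protocol 47 = GRE
        raise ValueError("outer packet is not GRE")
    gre = ip_packet[ihl:]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if flags & 0x0007 or proto != GRE_PROTO_ERSPAN:
        raise ValueError("not GRE version 0 carrying ERSPAN")
    if not flags & 0x1000:                        # Type II sets the sequence bit
        raise ValueError("no GRE sequence number: not ERSPAN Type II")
    # Skip optional checksum (C bit) and key (K bit) words if present.
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)
    if len(gre) < off + 4 + 8 + 14:
        raise ValueError("truncated ERSPAN header or inner frame")
    (seq,) = struct.unpack("!I", gre[off:off + 4])
    w1, w2 = struct.unpack("!II", gre[off + 4:off + 12])
    if w1 >> 28 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    frame = gre[off + 12:]                        # the mirrored Ethernet frame
    return {
        "sequence": seq, "vlan": (w1 >> 16) & 0xFFF, "session_id": w1 & 0x3FF,
        "truncated": bool(w1 & 0x400), "port_index": w2 & 0xFFFFF,
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "ethertype": struct.unpack("!H", frame[12:14])[0], "frame": frame,
    }

def build_sample() -> bytes:
    """Constructed packet: ARP broadcast mirrored in ERSPAN session 5, VLAN 100."""
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
    erspan = struct.pack("!II", (1 << 28) | (100 << 16) | 5, 3)
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, 7) + erspan + inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64, 47, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # checksum left 0
    return ip + gre

if __name__ == "__main__":
    info = decap_erspan(build_sample())
    print({k: v for k, v in info.items() if k != "frame"})
```

A gap in the returned `sequence` values between consecutive packets indicates mirrored frames lost in transit, which matters when the capture is used as evidence of what crossed the uplink.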