Skip to main content

Packet Capture

(2013-07-18)

Show information of packets seen on an interface:

# diag sniffer packet internal none 4 3
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764 ack 1949135261
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918816 ack 1949135261
internal out 192.168.0.30.1144 -> 192.168.0.1.22: ack 2859918884

In this example:

  • none is the filter
  • 4 means show verbose level 4
  • 3 means show 3 packets then stop

Verbose levels: usually you want level 3 or level 4. Level three shows you a hex dump of the packet, good for looking for mac addresses or whatever. If you just want to see the IP/TCP information, level 4 is sufficient.

Other examples:

# diag sniffer packet internal1 "host 10.10.0.1" 4 150

# diag sniffer packet internal1 "src host 10.10.0.1" 4 150

# diag sniffer packet internal1 "src host 10.10.0.1 dst host 10.20.0.1" 4 150