Command of the Day

Reply
Guru Elite

COTD: packet-capture: Packet Capturing Controller Traffic

We all know that the Aruba controller can do packet captures for user traffic simply by clicking the packet capture button on the client screen. There are other times, however you need to do packet captures of controller traffic. This is useful when you are troubleshooting timeouts of a radius or LDAP server and you want to ensure, on a protocol level, that traffic is being sent and received, like it should. The syntax of the command is:

packet-capture (udp | tcp) .
(Aruba800-4) #packet-capture tcp 389

The above statement will do a packet capture of any traffic going to or from one of the controller's IP interfaces on port TCP 389. You can enter a list of packet capture ports, by separating them by a comma, or just use the "all" parameter to capture all ports. You can see what type of packet capture you have running by executing "show packet-capture:"

(Aruba800-4) #show packet-capture
Current Active Packet Capture Actions(current switch)
=====================================================
Packet filtering TCP with 1 port(s) enabled:
389
Packet filtering for UDP ports disabled.
Packet filtering for internal messaging opcodes disabled.
Packet filtering for all other packets disabled.
Packet Capture Defaults(across switches and reboots if saved)
============================================================
Packet filtering for TCP ports disabled.
Packet filtering for UDP ports disabled.
Packet filtering for internal messaging opcodes disabled.
Packet filtering for all other packets disabled.

To retrieve your packet capture, go to Maintenence> File> Copy Logs> Download Logs and include Tech Support. In the logs-download.tar, there will be a filter.pcap file that contains your capture.
Make sure that you disable packet capturing when you are finished by using the "packet-capture disable" command.
Big shout to the engineer in Europe whose document I got this information from!


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: COTD: packet-capture: Packet Capturing Controller Traffic


We all know that the Aruba controller can do packet captures for user traffic simply by clicking the packet capture button on the client screen. There are other times, however you need to do packet captures of controller traffic. This is useful when you are troubleshooting timeouts of a radius or LDAP server and you want to ensure, on a protocol level, that traffic is being sent and received, like it should. The syntax of the command is:

packet-capture (udp | tcp) .
(Aruba800-4) #packet-capture tcp 389

The above statement will do a packet capture of any traffic going to or from one of the controller's IP interfaces on port TCP 389. You can enter a list of packet capture ports, by separating them by a comma, or just use the "all" parameter to capture all ports. You can see what type of packet capture you have running by executing "show packet-capture:"

(Aruba800-4) #show packet-capture
Current Active Packet Capture Actions(current switch)
=====================================================
Packet filtering TCP with 1 port(s) enabled:
389
Packet filtering for UDP ports disabled.
Packet filtering for internal messaging opcodes disabled.
Packet filtering for all other packets disabled.
Packet Capture Defaults(across switches and reboots if saved)
============================================================
Packet filtering for TCP ports disabled.
Packet filtering for UDP ports disabled.
Packet filtering for internal messaging opcodes disabled.
Packet filtering for all other packets disabled.

To retrieve your packet capture, go to Maintenence> File> Copy Logs> Download Logs and include Tech Support. In the logs-download.tar, there will be a filter.pcap file that contains your capture.
Make sure that you disable packet capturing when you are finished by using the "packet-capture disable" command.
Big shout to the engineer in Europe whose document I got this information from!





Better be careful with this one… in ArubaOS 3.3.1.22 the disable command is “packet-capture tcp disable” The disable command mentioned in this post does not work in this version.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: