How do I enable packet capture on the controller?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

Controller Packet Capture 


Packet capture can be launched on the Aruba controller itself. This feature copies packets that are going to or from the Aruba switch. The packets are copied from the Aruba control processor, so you will not see all traffic, as you would with Port Monitor.

Examples of packets captured: authentication traffic to/from RADIUS and LDAP servers, and syslog and SNMP traffic from/to the controller.

Example of traffic that is not captured: wireless user traffic to the wired network, because it is processed by the communication processor and not the control processor.

To start a packet capture on the controller, issue the following commands:

(Aruba) #packet-capture tcp all
(Aruba) #packet-capture udp all
(Aruba) #show packet-capture

Current Active Packet Capture Actions (current switch)
=====================================================
Packet filtering for all TCP ports enabled.
Packet filtering for all UDP ports enabled.
Packet filtering for internal messaging opcodes disabled.
Packet filtering for all other packets disabled.
Packet Capture Defaults (across switches and reboots if saved)
============================================================
Packet filtering for TCP ports disabled.
Packet filtering for UDP ports disabled.
Packet filtering for internal messaging opcodes disabled.
Packet filtering for all other packets disabled. 


Note that you can see the status of a packet capture with the ‘show packet-capture’ command.

After you have finished, copy the packet capture off the WLAN controller for analysis:

(Aruba) # tar logs
(Aruba2400) #dir 

-rw-r--r-- 1 root root 17190 Aug 10 02:55 aug10.cfg
-rw-r--r-- 1 root root 16451 Aug 10 05:45 default.cfg
-rw-r--r-- 1 root root 344064 Sep 4 05:51 logs.tar
(Aruba) #copy flash: logs.tar tftp: <ip address of the TFTP server> logszzz.tar 


If you look in the logs.tar file, you will see a file called filter.pcap, which is the packet capture file.

 

When finished, turn off packet capturing by issuing the following commands:

(Aruba) #packet-capture tcp disable
(Aruba) #packet-capture udp disable
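
Once logs.tar is on the analysis host, the following added example (not Aruba code) reads filter.pcap from the archive in memory and counts packets by service, to confirm the capture holds the control-plane traffic described above. It assumes filter.pcap is a classic libpcap file with Ethernet/IPv4 framing and that the servers use default ports; the sample archive, its member path and the function names are constructed for illustration.

```python
import io, struct, tarfile
from collections import Counter
# Default ports for the traffic types the article lists (mapping assumed here).
PORTS = {1812: "RADIUS", 1813: "RADIUS", 389: "LDAP", 514: "syslog", 161: "SNMP", 162: "SNMP"}

def read_filter_pcap(tar_bytes):
    """Read filter.pcap out of a logs.tar image in memory, without unpacking to disk."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar.getmembers():
            if m.isfile() and m.name.rsplit("/", 1)[-1] == "filter.pcap":
                return tar.extractfile(m).read()
    raise FileNotFoundError("filter.pcap not found in archive")

def classify(frame):
    """Label one frame by service; assumes Ethernet II + IPv4 framing."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
        return "other"
    l4 = 14 + (frame[14] & 0x0F) * 4  # honour IP header options
    if len(frame) < l4 + 4:
        return "other"
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    name = PORTS.get(dport) or PORTS.get(sport)
    return name or ("tcp" if frame[23] == 6 else "udp") + "-other"

def summarize(pcap):
    """Count packets per service in a classic (non-pcapng) Ethernet capture."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("not a classic Ethernet pcap file")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        counts[classify(pcap[off + 16:off + 16 + incl])] += 1
        off += 16 + incl
    return counts

def sample_logs_tar():
    """Constructed stand-in for logs.tar: five minimal frames, checksums zeroed."""
    flows = [(17, 40000, 1812), (17, 1812, 40000), (6, 40001, 389), (17, 514, 514), (6, 40003, 22)]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, sport, dport in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
        f = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 16
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    buf, info = io.BytesIO(), tarfile.TarInfo("example/filter.pcap")  # constructed path
    info.size = len(pcap)
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(pcap))
    return buf.getvalue()
```

For a real archive, pass the file's bytes instead of the sample: `summarize(read_filter_pcap(open("logszzz.tar", "rb").read()))`.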

Version history
Revision #:
1 of 1
Last update:
‎07-09-2014 01:03 PM