How to check the packet flow on an Aruba Controller with controlpath/datapath pcap enabled?

Aruba Employee
Q:

How to check the packet flow on an Aruba Controller with controlpath/datapath packet capture enabled?



A:
In some situations we may need to enable packet capture on an Aruba Controller but have no computer with Wireshark installed to inspect the captured packets. In that case, the packet flow can be checked on the Aruba Controller itself. Below is an example of a controlpath capture of all UDP traffic.
 
(ArubaMaster) #
(ArubaMaster) # show packet-capture

Active Capture Destination
--------------------------
Destination    Disabled

Active Capture (Controlpath)
----------------------------
Interprocess   Disabled
Sysmsg         Disabled
TCP            Disabled
UDP            Enabled    Ports: All
Other          Disabled

Active Capture (Datapath)
-------------------------
Wifi-Client    Disabled
Ipsec          Disabled

(ArubaMaster) #show packet-capture controlpath-pcap

15:57:31.223288 IP 10.17.171.106.8211 > 10.17.171.105.8222: UDP, length 156
15:57:31.223333 IP 10.17.171.105.8222 > 10.17.171.106.8211: UDP, length 140
15:57:31.230970 IP 10.17.171.106.8211 > 10.17.171.105.8222: UDP, length 136
15:57:31.231162 IP 10.17.171.105.8222 > 10.17.171.106.8211: UDP, length 140
15:57:34.772646 IP 10.17.171.124.8211 > 10.17.171.99.8419: UDP, length 104
15:57:36.655981 IP 10.17.171.105.4500 > 10.17.171.102.4500: NONESP-encap: isakmp: phase 1 I agg
15:57:43.930762 IP 10.17.171.106.8211 > 10.17.171.105.8421: UDP, length 23250
15:57:43.930839 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.930878 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.930931 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.930962 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.930996 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931027 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931060 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931093 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931124 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931155 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931185 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931214 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931244 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931279 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931309 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931339 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931369 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931398 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931428 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931458 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931487 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931517 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931547 IP 10.17.171.106 > 10.17.171.105: udp
15:57:43.931585 IP 10.17.171.106 > 10.17.171.105: udp
15:57:44.014046 IP 10.17.171.105.8224 > 10.17.171.106.8211: UDP, length 407
15:57:45.656544 IP 10.17.171.105.4500 > 10.17.171.102.4500: NONESP-encap: isakmp: phase 1 I agg
15:57:46.050024 IP 10.17.171.107.8211 > 10.17.171.105.8383: UDP, length 88
15:57:46.050924 IP 10.17.171.105.8383 > 10.17.171.107.8211: UDP, length 88
15:57:48.091723 IP 10.17.171.107.8211 > 10.17.171.105.8222: UDP, length 393
15:57:48.092315 IP 10.17.171.105.8222 > 10.17.171.107.8211: UDP, length 140
15:57:50.654760 IP 10.17.171.105.4500 > 10.17.171.102.4500: NONESP-encap: isakmp: phase 1 I agg
15:57:54.859182 IP 10.17.171.107.8211 > 10.17.171.105.8389: UDP, length 402
15:57:54.860211 IP 10.17.171.105.8389 > 10.17.171.107.8211: UDP, length 402
15:57:55.493449 IP 10.17.164.19.23005 > 10.17.171.105.161:  GetRequest(74)  .1.3.6.1.4.1.14823.2.2.1.1.1.3.0 .1.3.6.1.4.1.14823.2.2.1.1.1.4.0 .1.3.6.1.4.1.14823.2.2.1.1.1.5.0
15:57:55.494154 IP 10.17.171.105.161 > 10.17.164.19.23005:  GetResponse(83)  .1.3.6.1.4.1.14823.2.2.1.1.1.3.0=10.17.171.105 .1.3.6.1.4.1.14823.2.2.1.1.1.4.0=1 .1.3.6.1.4.1.14823.2.2.1.1.1.5.0=10.17.171.103
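
The text printed by `show packet-capture controlpath-pcap` can also be summarized once it is saved off the controller. The Python sketch below is an added example, not part of the original article or of Aruba's tooling: it counts packets per flow and lists flows that repeat with no packet seen in the reverse direction. The function names and the `SAMPLE` lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the tcpdump-style text format shown in the capture above.
SAMPLE = """\
15:57:31.223288 IP 10.17.171.106.8211 > 10.17.171.105.8222: UDP, length 156
15:57:31.223333 IP 10.17.171.105.8222 > 10.17.171.106.8211: UDP, length 140
15:57:36.655981 IP 10.17.171.105.4500 > 10.17.171.102.4500: NONESP-encap: isakmp: phase 1 I agg
15:57:43.930762 IP 10.17.171.106.8211 > 10.17.171.105.8421: UDP, length 23250
15:57:43.930839 IP 10.17.171.106 > 10.17.171.105: udp
15:57:45.656544 IP 10.17.171.105.4500 > 10.17.171.102.4500: NONESP-encap: isakmp: phase 1 I agg
"""

IP = r"\d+\.\d+\.\d+\.\d+"
LINE = re.compile(
    rf"^(\d\d:\d\d:\d\d\.\d+) IP ({IP})(?:\.(\d+))? > ({IP})(?:\.(\d+))?:\s*(.*)$"
)

def parse(text):
    """Return one dict per packet line; prompts, headers and blanks are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, info = m.groups()
        packets.append({"ts": ts, "src": src, "sport": sport,
                        "dst": dst, "dport": dport, "info": info})
    return packets

def flow_counts(packets):
    """Packets per (src, sport, dst, dport); port-less lines are IP fragments."""
    flows, fragments = Counter(), Counter()
    for p in packets:
        if p["sport"] is None:
            fragments[(p["src"], p["dst"])] += 1
        else:
            flows[(p["src"], p["sport"], p["dst"], p["dport"])] += 1
    return flows, fragments

def repeated_one_way(flows, minimum=2):
    """Heuristic: flows sent at least `minimum` times with no reverse packet."""
    return sorted(f for f, n in flows.items()
                  if n >= minimum and (f[2], f[3], f[0], f[1]) not in flows)

if __name__ == "__main__":
    flows, fragments = flow_counts(parse(SAMPLE))
    for flow, n in flows.most_common():
        print(n, "%s:%s -> %s:%s" % flow)
    print("fragments:", dict(fragments))
    print("repeated, unanswered:", repeated_one_way(flows))
```

A flow listed as repeated and unanswered only means no reply appeared in this capture window; it is a starting point for troubleshooting, not a verdict.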

 

 

Version history
Revision #:
2 of 2
Last update:
‎10-18-2016 03:07 PM