Specifications
OmniAccess Reference: AOS-W System Reference
624 Part 031652-00 May 2005
z Session mirror sniffing and
z Packet-capture for control path packets
Packet Capture
This CLI utility allows sniffing of all control path packets. This is useful for
sniffing RADIUS, 802.1x, VPN control path (IKE is encrypted, L2TP is not),
station up/down opcodes, mobility, DHCP, and virtually any other packets that
traverse the control path CPU.
To invoke the command as an action (not saved), enter:
# packet-capture tcp <all|disable|ports> udp <all|disable|ports>
Alcatelmsg <all|disable|ports> other <enable|disable>
To invoke the command as a config option which can be saved across
switches in the running configuration, enter:
(config)# packet-capture-defaults tcp <all|disable|ports> udp
<all|disable|ports> Alcatelmsg <all|disable|opcodes> other
<enable|disable>
These commands create a file named filter.pcap in the logs directory that
can then be extracted using tar logs. The file is also copied into the crash
directory in the event of a crash. The file is limited to 1.5MB and will be backed
up to filter.1.pcap if filled. So up to 3MB of captured packets can be retained
for future inspection. These commands allow a complete playback of what
happened.
N
OTE—Be careful when using these commands as use passwords and keys
may be stored inside filter.pcap.
To see the results of these commands, enter:
# show packet-capture
or
# show packet-capture-defaults
You can enable/disable sniffing on TCP, UDP, Alcatel messages, or any other
types of packets. Note that "ports" and "opcodes" are comma separated
values and you can sniff up to 10 of them. Whenever they're present, only
those ports or opcodes are captured.
The following types of packets are always skipped:
z Alcatel message hellos