EdgeRouter - Capturing Packets
Overview
Readers will learn how to capture packets on the EdgeRouter.
NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
Device used in this article:
Capturing Packets
The EdgeRouter offers both simple and extensive packet capture options using the built-in CLI commands or the TCPDUMP packet analyzer.
CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.
To run a packet capture on an Ethernet or tunnel interface, simply add the capture statement behind the interface number:
show interfaces ethernet eth0 capture
Capturing traffic on eth0 ...
show interfaces tunnel tun0 capture
Capturing traffic on tun0 ...
You can optionally limit/filter the packet capture to only display specific ports:
show interfaces ethernet eth0 capture port 22
Capturing traffic on eth0 port 22 ...
show interfaces tunnel tun0 capture not port 443
Capturing traffic on tun0 excluding port 443 ...
It is also possible to use the built-in TCPDUMP packet analyzer. Some of the available options are:
-i                 Specify the interface to capture on.
-n                 Do not resolve addresses to names.
-c                 Number of packets to capture.
-w                 Write output to file.
udp / tcp / icmp   Protocol to capture.
src / dst          Source or Destination traffic.
port               Port to filter on.
not port           Port to exclude.
Please see the TCPDUMP manual for more information on all available options.
sudo tcpdump -i eth0 -n tcp dst port 22
sudo tcpdump -i eth0 -n udp dst port 500 or port 4500
sudo tcpdump -i tun0 -n icmp -c 10 -w /home/ubnt/capture.pcap
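The options above can be combined into a capture that is always bounded by -c and built only from validated input. The following is an added example, not part of the original article or of EdgeOS; the function names valid_num and build_capture_cmd are hypothetical, and the options are placed before the filter expression.

```shell
# Added example, not from the original article. Function names are hypothetical.
# valid_num VALUE MAX: VALUE is a decimal integer in 1..MAX (at most 5 digits).
valid_num() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# build_capture_cmd IFACE PROTO DIR PORT COUNT [OUTFILE]
# Prints a tcpdump command line; returns 1 and prints nothing on bad input.
build_capture_cmd() {
    iface=$1 proto=$2 dir=$3 port=$4 count=$5 outfile=${6:-}
    case "$iface" in                       # e.g. eth0, tun0, eth1.10
        ''|*[!A-Za-z0-9.]*) return 1 ;;
    esac
    case "$dir" in                         # src, dst, or any (both directions)
        src|dst) dir="$dir " ;;
        any) dir="" ;;
        *) return 1 ;;
    esac
    valid_num "$count" 99999 || return 1   # always bound the capture with -c
    case "$proto" in
        icmp) filter="icmp" ;;             # ICMP has no ports; DIR and PORT are ignored
        tcp|udp)
            valid_num "$port" 65535 || return 1
            filter="$proto ${dir}port $port" ;;
        *) return 1 ;;
    esac
    cmd="sudo tcpdump -i $iface -n -c $count"
    if [ -n "$outfile" ]; then
        case "$outfile" in                 # absolute .pcap path, conservative character set
            *[!A-Za-z0-9/._-]*) return 1 ;;
            /*.pcap) cmd="$cmd -w $outfile" ;;
            *) return 1 ;;
        esac
    fi
    printf '%s\n' "$cmd $filter"
}
```

The function only prints the command so it can be reviewed before it is run. Files written with -w contain the captured traffic itself, so keep them readable only by the capturing user.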
Related Articles
Intro to Networking - How to Establish a Connection Using SSH