Capturing packets involves performing a data capture. Data capture lets you capture specific data and store it in a file.
Performing a data capture consists of the following general steps:
You use the Data Capture application to capture packets selectively from an RMON agent and save them in a file. You can capture the traffic you want for either standard protocols or for protocols you define. Once you have captured the data you want to examine, you can analyze it using Protocol Decode. See Chapter 24, "Decoding Packets."
You need to configure how the data capture is performed. You can capture data directly from the Traffic, Protocol, or Application level of the TrafficDirector main window.
To set up a data capture session, take the following steps:
Step 1 Select the Traffic, Protocol, or Application radio button to display the corresponding level of the TrafficDirector main window application area.
Step 2 Select the Agent, AgentGroup, Switch, or FrameRelay radio button, then do one of the following:
Step 3 Select a domain name or domain group from the list.
Step 4 Click the Data Capture icon or select Application>Data Capture.
The Data Capture window (Figure 23-1) opens.

Step 5 Specify where captured packets will be uploaded, and when and how packets will be captured in the appropriate fields in the Data Capture window:
Captured File Name--The name of the file where packets from the agent are uploaded. This file is stored in the $NSHOME/usr directory. The name is case-sensitive. The default filename is tmp.dat. (TrafficDirector supplies the .dat extension.)
Mode--Whether the session stops when the capture buffer is full. Lock When Full stops the session when the capture buffer is full. Wrap When Full lets the capture session continue when the buffer is full, with the most recent packets overwriting the earliest, until you click Stop. The default mode is Lock When Full.
Buffer Size--The maximum number of bytes to be saved in this capture buffer, including any implementation-specific overhead. Select either KB or MB. The range is from 32 to 8192 KB or 1 or 8 MB. The value must be a decimal number. The default buffer size is 64 KB.
Slice Size--The maximum number of bytes of each packet that are saved in the capture buffer. The range is from 0 to 1518 bytes. If you set Slice Size to 0, the capture buffer saves the entire packet. The value must be a decimal number. The default slice size is 128 bytes.
Address Type--The address type, either MAC or IP. The address or symbol entered in the Source and Destination Address fields is interpreted on this basis. The default address type is MAC.
Source/Destination Address (two fields)--The source and destination addresses. A valid MAC address, a valid IP address, or a valid name is allowed. TrafficDirector uses these addresses to create more specific filters related to the source or destination of the data to be captured. MAC addresses must be in the format: 01-23-45-67-89-ab. IP addresses must be in dotted decimal notation (for example, 204.205.206.207). Name must be a valid host name.
Direction--Whether to capture traffic from source-to-destination only (Single), or in both directions (Both), the default.
Filter Type--Inclusive or exclusive capture properties. Inclusive (the default) captures only packets that match the filter list. Exclusive captures all packets except those that match the filter list.
Update Interval--The duration, in seconds, of the time between updates. The value must be a decimal integer. The minimum (default) value is 5 seconds. The maximum value is 60 seconds.
Filter List--Specify one or more filters from the list. The Filter Type field determines whether the filters you select are exclusive or inclusive.
TrafficDirector updates the following status fields while you are running Data Capture:
Started @--The date and time when the packet capture function started.
Running For (HH:MM:SS)--If capture is already started, displays the duration of time that data capture has been running.
Buffer Status--If capture is already on, displays "Running" (and the time the capture was started). If capture is stopped, displays "Stopped." If a capture entry does not exist, this field displays "Not Known." It also shows the buffer status: "Full" or "Available."
Captured Packets--The number of packets captured in the agent with the matched condition. This field is periodically updated during the capture sequence.
Step 6 Click the Start icon or select Capture>Start. This initiates an SNMP session that instructs the selected agent to begin collecting packets according to the filter definition.
Step 7 Click Stop or select Capture>Stop to end the data capture session. The captured data is stored in a buffer in the agent. If you selected the Lock When Full mode, the data capture function stops automatically when the buffer becomes full.
Step 8 Click Upload or select Capture>Upload to transfer the captured data from a buffer in the agent to the file you specified in the Captured File Name field. The default file is tmp.dat.
Step 9 When the upload is complete and you want to decode the data, click the Protocol Decode icon in the TrafficDirector main window, or click Decode in the Data Capture window to start the protocol decode. See Chapter 24, "Decoding Packets," for more information about Protocol Decode.
To ensure the integrity of the data capture, you should remove the established data capture parameters and clear the data capture buffer before you exit the Data Capture window. Click the Delete icon or select Capture>Delete.
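The following Python sketch is an added illustration, not TrafficDirector code: it models how the Mode, Buffer Size, and Slice Size fields from Step 5 decide which packets, and how much of each, remain in the agent buffer for upload. It assumes zero per-packet overhead in the buffer and uses a constructed packet list; the function and variable names are hypothetical.

```python
from collections import deque

def simulate_capture(packets, buffer_bytes=64 * 1024, slice_size=128, mode="lock"):
    """Model the agent capture buffer (assumption: no per-packet overhead).

    packets: bytes objects in arrival order.
    mode: "lock" = Lock When Full, "wrap" = Wrap When Full.
    Returns (slices left in the buffer, count of packets not retained).
    """
    if not 0 <= slice_size <= 1518:
        raise ValueError("Slice Size must be from 0 to 1518 bytes")
    if mode not in ("lock", "wrap"):
        raise ValueError("mode must be 'lock' or 'wrap'")
    packets = list(packets)
    buf, used, lost = deque(), 0, 0
    for i, pkt in enumerate(packets):
        # Slice Size 0 saves the entire packet; otherwise only the leading bytes.
        stored = pkt if slice_size == 0 else pkt[:slice_size]
        if mode == "lock":
            if used + len(stored) > buffer_bytes:
                # Session stops: this packet and all later traffic go unrecorded.
                lost += len(packets) - i
                break
        else:
            # Most recent packets overwrite the earliest ones.
            while buf and used + len(stored) > buffer_bytes:
                used -= len(buf.popleft())
                lost += 1
            if len(stored) > buffer_bytes:
                lost += 1  # a single slice larger than the whole buffer
                continue
        buf.append(stored)
        used += len(stored)
    return list(buf), lost

# Constructed sample: ten 200-byte packets, each filled with its own index.
SAMPLE = [bytes([i]) * 200 for i in range(10)]

if __name__ == "__main__":
    for mode in ("lock", "wrap"):
        kept, lost = simulate_capture(SAMPLE, buffer_bytes=512, mode=mode)
        print(mode, "kept packets", [s[0] for s in kept],
              "bytes each", len(kept[0]), "lost", lost)
```

With the default 128-byte slice, every retained packet is truncated, so payload past the headers is not available to Protocol Decode; Lock When Full preserves the start of the traffic and Wrap When Full preserves the end.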