EdgeRouter - Capture packets on the router

Overview


Readers will learn CLI commands for capturing packets on the router.

Commands


To perform a simple packet capture, use the following command:

root@ubnt:~# show interfaces ethernet eth0 capture 
Capturing traffic on eth0 ...

You can filter the capture by port:

root@ubnt:~# show interfaces ethernet eth0 capture port 22 
Capturing traffic on eth0 port 22 ...

You can negate the filter to exclude matching traffic:

root@ubnt:~# show interfaces ethernet eth0 capture not port 22
Capturing traffic on eth0 excluding port 22 ...

To use the full list of tcpdump options, run tcpdump directly. Use sudo to run it:

ubnt@ubnt:~$ sudo tcpdump -i eth0 -c 10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:45:49.974243 ARP, Request who-has 10.1.0.99 tell 10.1.1.34, length 46
13:45:49.975200 ARP, Request who-has 10.1.0.225 tell 10.1.1.107, length 46
<SNIP>
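
The tcpdump output above is plain text, so it can be piped into a filter to see which hosts are sending the ARP requests. The following is an added example, not part of the original article: summarize_arp and sample_capture are hypothetical helper names, and the sample lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example: summarize_arp and sample_capture are hypothetical helper
# names, not EdgeOS commands. Assumes a POSIX shell with awk and sort.

# Read tcpdump text output on stdin and print "<count> <sender>" for every
# host that sent ARP who-has requests, busiest sender first.
summarize_arp() {
    awk '
        # e.g. 13:45:49.974243 ARP, Request who-has 10.1.0.99 tell 10.1.1.34, length 46
        $2 == "ARP," && $3 == "Request" && $4 == "who-has" {
            # The sender follows "tell"; search for it because tcpdump can
            # print the target MAC in parentheses before it.
            for (i = 5; i < NF; i++) {
                if ($i == "tell") {
                    sender = $(i + 1)
                    sub(/,$/, "", sender)   # drop the trailing comma
                    count[sender]++
                    break
                }
            }
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input in the format shown above (not a real capture).
sample_capture() {
    cat <<'EOF'
13:45:49.974243 ARP, Request who-has 10.1.0.99 tell 10.1.1.34, length 46
13:45:49.975200 ARP, Request who-has 10.1.0.225 tell 10.1.1.107, length 46
13:45:50.101113 ARP, Request who-has 10.1.0.100 tell 10.1.1.34, length 46
13:45:50.230871 IP 10.1.1.34.51514 > 10.1.0.1.22: Flags [S], seq 1, win 29200, length 0
13:45:50.301452 ARP, Request who-has 10.1.0.101 (ff:ff:ff:ff:ff:ff) tell 10.1.1.34, length 46
13:45:50.400019 ARP, Reply 10.1.0.99 is-at 00:11:22:33:44:55, length 46
EOF
}

# Live use on the router: sudo tcpdump -i eth0 -c 10 | summarize_arp
sample_capture | summarize_arp
```

A sender with a count far above the others is worth a closer look, since a host asking for many different addresses in a short window may be misconfigured or sweeping the subnet.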