Readers will learn how to capture packets on the EdgeRouter.
NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
Device used in this article:
The EdgeRouter offers both simple and extensive packet capture options using the build-in CLI commands or the TCPDUMP packet analyzer.
CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.
To run a packet capture on an Ethernet or tunnel interface, simply add the
capture statement behind the interface number:
show interfaces ethernet eth0 capture
Capturing traffic on eth0 ...
show interfaces tunnel tun0 capture
Capturing traffic on tun0 ...
You can optionally limit/filter the packet capture to only display specific ports:
show interfaces ethernet eth0 capture port 22
Capturing traffic on eth0 port 22 ...
show interfaces tunnel tun0 capture not port 443
Capturing traffic on tun0 excluding port 443 ...
It is also possible to use the build-in TCPDUMP packet analyzer. Some of the available options are:
-iSpecify the interface to capture on.
-nDo not resolve addresses to names.
-cAmount of packets to capture.
-wWrite output to file.
udp / tcp / icmpProtocol to capture.
src / dstSource or Destination traffic.
portPort to filter on.
not portPort to exclude.
Please see the TCPDUMP manual for more information on all available options.
sudo tcpdump -i eth0 -n tcp dst port 22
sudo tcpdump -i eth0 -n udp dst port 500 or port 4500
sudo tcpdump -i tun0 -n icmp -c 10 -w /home/ubnt/capture.pcap