EdgeRouter - Capturing Packets


Overview


Readers will learn how to capture packets on the EdgeRouter.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
 
Device used in this article:

Capturing Packets



The EdgeRouter offers both simple and extensive packet capture options using the built-in CLI commands or the TCPDUMP packet analyzer.

CLI: Access the command line interface (CLI). You can do this using the CLI button in the GUI or by using a program such as PuTTY.

To run a simple packet capture on an Ethernet or tunnel interface, append the capture keyword to the interface name:

show interfaces ethernet eth0 capture 
Capturing traffic on eth0 ...

show interfaces tunnel tun0 capture
Capturing traffic on tun0 ...

You can optionally filter the packet capture to include or exclude specific ports:

show interfaces ethernet eth0 capture port 22 
Capturing traffic on eth0 port 22 ...

show interfaces tunnel tun0 capture not port 443
Capturing traffic on tun0 excluding port 443 ... 

To run an extensive packet capture, use the built-in TCPDUMP packet analyzer. Some of the available options are:

  • -i Specify the interface to capture on.
  • -n Do not resolve addresses to names.
  • -c Number of packets to capture.
  • -w Write output to file.
  • udp / tcp / icmp Protocol to capture.
  • src / dst Source or Destination traffic.
  • port Port to filter on.
  • not port Port to exclude.

Please see the TCPDUMP manual page for more information on all available options.

sudo tcpdump -i eth0 -n tcp dst port 22
sudo tcpdump -i eth0 -n udp dst port 500 or port 4500
sudo tcpdump -i tun0 -n icmp -c 10 -w /home/ubnt/capture.pcap
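
In the second command above, the udp and dst qualifiers apply only to port 500; the bare "port 4500" term matches that port in either direction and over any transport. The following is an added example, not part of the original article: it builds a filter with explicit grouping, validates the values before they reach sudo, and writes a bounded capture. The function names and the output file name are assumptions.

```bash
#!/bin/bash
# Added example, not from the original article. Function names are hypothetical.

# build_filter PROTO DIR PORT [PORT...]
# Prints a capture filter in which PROTO and DIR apply to every listed port.
build_filter() {
    local proto=$1 dir=$2 p expr=""
    case $proto in udp|tcp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $dir in src|dst) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
    shift 2
    [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 1; }
    for p in "$@"; do
        # Digits only, at most five of them; rejects shell and filter metacharacters.
        case $p in ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
        expr="${expr:+$expr or }$dir port $p"
    done
    printf '%s and (%s)\n' "$proto" "$expr"
}

# capture_to_file IFACE COUNT FILE FILTER
# Runs a capture bounded by -c and writes it to FILE.
capture_to_file() {
    local iface=$1 count=$2 file=$3 filter=$4
    case $iface in ''|*[!a-z0-9.]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    case $count in ''|*[!0-9]*) echo "bad count: $count" >&2; return 1 ;; esac
    # umask 077 asks for a file that group and others cannot read;
    # the subshell keeps the umask change local to this one command.
    ( umask 077; sudo tcpdump -i "$iface" -n -c "$count" -w "$file" "$filter" )
}

# Usage on the router (constructed values):
#   f=$(build_filter udp dst 500 4500)   # udp and (dst port 500 or dst port 4500)
#   capture_to_file eth0 100 /home/ubnt/ipsec.pcap "$f"
```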

Related Articles



Intro to Networking - How to Establish a Connection Using SSH