KB2564 - Common TCP capture filters used with PCS device


Information

 
Last Modified Date: 12/21/2018 2:47 PM
Synopsis
This article provides some common filters that can be used with the TCP dump tool on the PCS device to help isolate traffic for debugging issues.
Problem or Goal
  • TCP capture files on the PCS device have a size limit of 500 MB.
  • Once the TCP dump file reaches 500 MB, no further packets will be logged to the packet capture file, even though the dump will remain running.
  • Because of the number of packets captured during heavy usage periods, or when the dump has to run for more than 5 minutes to capture the issue, filters are needed to reduce the amount of traffic captured and isolate only the traffic needed to debug the issue.
Cause
Solution

Common filters used with TCP dump tool 

  1. Filter commonly used to troubleshoot VPN tunneling startup or session issues:
host 73.93.152.132 OR host 10.5.10.2
73.93.152.132 = client external IP address
10.5.10.2 = client virtual IP assigned by VPN tunneling


Tip: Have the user connect with VPN tunneling once before starting the capture to get the virtual IP address, then set this in the filter and have the user reconnect.
 
  1. Display Filter -- Filters which you use to filter the captured TCP dump.

In the IVE TCP dump filter field, you have to use capture filters. You can use the Ethereal capture filter syntax.

For example:

  1. To filter on a host IP address, the syntax is host followed by the address, e.g. host 10.20.30.40 if 10.20.30.40 is the host IP address.
  2. To capture HTTP traffic, the syntax is tcp port 80. This filter captures only HTTP traffic.

You can also use the "AND", "OR" and "NOT" operators. For example, to capture telnet traffic from host 10.20.30.40, the syntax is tcp port 23 AND host 10.20.30.40.
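The following is an added example, not code from the article or from the PCS device: a simplified Python model (not libpcap) that evaluates the filter forms shown above against constructed packet records, so a filter can be checked before spending the 500 MB capture budget on it. The names PACKETS, matches and captured are hypothetical. The model follows the pcap-filter documentation in giving AND and OR equal precedence, evaluated left to right, with NOT binding tightest, so mixed expressions need parentheses.

```python
import ipaddress

# Constructed sample packets (not from a real capture); addresses reuse the article's examples.
PACKETS = [
    {"src": "73.93.152.132", "dst": "192.0.2.10", "proto": "tcp", "sport": 51000, "dport": 443},
    {"src": "10.5.10.2", "dst": "10.20.30.40", "proto": "tcp", "sport": 40000, "dport": 23},
    {"src": "10.20.30.40", "dst": "10.9.9.9", "proto": "tcp", "sport": 80, "dport": 41000},
    {"src": "10.9.9.9", "dst": "10.8.8.8", "proto": "tcp", "sport": 42000, "dport": 80},
]

def matches(expr, pkt):
    """Evaluate host / tcp port / AND / OR / NOT / parentheses against one packet."""
    toks, pos = expr.replace("(", " ( ").replace(")", " ) ").split(), 0

    def primary():
        nonlocal pos
        t = toks[pos].lower()
        if t == "not":                      # negation binds tightest
            pos += 1
            return not primary()
        if t == "(":
            pos += 1
            value = expression()
            pos += 1                        # skip the closing ")"
            return value
        if t == "host":                     # matches source or destination
            ip = str(ipaddress.ip_address(toks[pos + 1]))  # rejects mistyped addresses
            pos += 2
            return ip in (pkt["src"], pkt["dst"])
        if t == "tcp" and toks[pos + 1].lower() == "port":
            port = int(toks[pos + 2])
            pos += 3
            return pkt["proto"] == "tcp" and port in (pkt["sport"], pkt["dport"])
        raise ValueError(f"unsupported filter term: {toks[pos]}")

    def expression():
        nonlocal pos
        value = primary()
        while pos < len(toks) and toks[pos].lower() in ("and", "or"):
            op, pos = toks[pos].lower(), pos + 1
            rhs = primary()                 # equal precedence, left to right
            value = (value and rhs) if op == "and" else (value or rhs)
        return value

    return expression()

def captured(expr):
    """Return the indexes of PACKETS that the filter would keep."""
    return [i for i, p in enumerate(PACKETS) if matches(expr, p)]
```

Without parentheses, `host 10.5.10.2 OR host 10.20.30.40 AND tcp port 80` keeps only packet 2 in this model, because the AND applies to the whole OR result; grouping the AND clause in parentheses also keeps the telnet packet from 10.5.10.2.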

For more details, refer to the Ethereal User Guide at http://www.ethereal.com/docs/eug_html_chunked/

Note: In May of 2006, the Wireshark network protocol analyzer became the successor to Ethereal.

Created By: Data Deployment
