Traffic Capture

These commands enable displaying, capturing, managing and exporting network traffic flowing through a given network interface.

Display the network traffic flowing through a given network interface.

vrouter> cmd traffic-capture eth0 filter udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:05:04.109799 de:ad:de:01:02:03 > 52:56:00:00:00:02, ethertype IPv6 (0x86dd), length 110: fec0::dcad:deff:fe01:203.123 > 2001:67c:1560:8003::c7.123: NTPv4, Client, length 48
17:05:11.109828 de:ad:de:01:02:03 > 52:55:0a:00:02:02, ethertype IPv4 (0x0800), length 90: 10.0.2.15.123 > 91.121.7.182.123: NTPv4, Client, length 48
17:05:13.109796 de:ad:de:01:02:03 > 52:56:00:00:00:02, ethertype IPv6 (0x86dd), length 110: fec0::dcad:deff:fe01:203.123 > 2001:bc8:2717:100::1.123: NTPv4, Client, length 48
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
vrouter>

The new argument enables capturing traffic in a given network interface:

vrouter> cmd traffic-capture new name traffic-eth0 filter udp eth0
tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C3 packets captured
3 packets received by filter
0 packets dropped by kernel
vrouter>

Both commands can be interrupted by hitting ctrl-c.

See also

• The command reference for details.

• The command reference for details.

It also is possible to list and flush all traffic captured saved in the machine or remove a specific one respectively with the list, flush and delete commands.

vrouter> cmd traffic-capture list
traffic-eth0
traffic-eth1
vrouter> cmd traffic-capture delete traffic-eth0
OK.
vrouter>

Then a specific capture can be read or exported with the read and export commands:

See also

• The command reference for details about the list command.

• The command reference for details about the delete command.

• The command reference for details about the flush command.

vrouter> cmd traffic-capture read traffic-eth0
reading from file /var/lib/yams/traffic-captures/traffic-eth0.pcap, link-type EN10MB (Ethernet)
17:05:04.109799 de:ad:de:01:02:03 > 52:56:00:00:00:02, ethertype IPv6 (0x86dd), length 110: fec0::dcad:deff:fe01:203.123 > 2001:67c:1560:8003::c7.123: NTPv4, Client, length 48
17:05:11.109828 de:ad:de:01:02:03 > 52:55:0a:00:02:02, ethertype IPv4 (0x0800), length 90: 10.0.2.15.123 > 91.121.7.182.123: NTPv4, Client, length 48
17:05:13.109796 de:ad:de:01:02:03 > 52:56:00:00:00:02, ethertype IPv6 (0x86dd), length 110: fec0::dcad:deff:fe01:203.123 > 2001:bc8:2717:100::1.123: NTPv4, Client, length 48
vrouter> cmd traffic-capture export traffic-eth0 url scp://user:passwd@host/tmp/
OK.
vrouter>

See also

• The command reference for details about the read command.

• The command reference for details about the export command.