1、Packet Capturing,By: wyu Feb, 2006,Agenda,Packet Capture Tools General Packet Capture Mode Capture Tips Using 7600 ELAM,Packet Capture/Analysis Tools,Most Commonly Used Packet Capture/Analysis Tool,Commercial Equipment: Agilent, Ixia, Spirent, etc.,PC based Software: Packet Sniffer, Ethereal, TCPdum

2、p, etc.,Cisco Proprietary: Pagent, ELAM,General Packet Capture Mode,Continuous Packet Capturing Capture all packets that meets the condition that set by users in a fixed packet buffer. Packets are stored in the ring-type buffer and dropped in first-in first-out basis. Depending on the equipment vend

3、or, capturing could stop whenever the packet buffer is full. Packet buffer size can be adjusted by users Triggered Packet Capturing Packet capturing starts only when triggered condition meets. Capture stops after packet buffer is felt Users might be able to set number of packets to be saved before t

4、rigger packets occurs,Capture Tips,Always set good filters Eliminate unwanted packets begin capture and waste buffer memory Narrowed the scope for what packets to look for Be aware of promiscuous mode being set by default, especially in the Ethernet case, it capture everything on the wire. Ensure co

5、rrect physical layer property setting and L2 Protocol Eliminate the possibility for not being able to capture packets due to CRC or Scrambling incorrectly set Set with correct L2 protocol, it helps the packet analyzer to decode packet with correct packet format as cases like encapsulation PPP/HDLC,M

6、y favorite capture setup,Traffic Source,UUT,Remote End,Fiber Splitter,Capture Tool,Packets captured On this way out,Using 7600 ELAM,Whats ELAM ELAM Embedded Logic Analyzer Module It is a EARL built-in logic analyzer that can be used as a packet capture tool for superman and tycho ASICs What can it d

7、o and how to use it? How to enable it ? By configuring service internal. Where can I use it ? On any module that has an EARL7 ASIC complex. A Supervisor 720 or a DFC3 capable card. On which prompt do I start it ? Either RP or SP prompt. How many packets can I capture ? ONE How do I find the packet t

8、hat I need ? By setting a trigger. How do I find out which ASICs are available ? sh platform capture system asic Remember, ELAM only captures on superman and tycho asic!,SUP720 ASICs Physical Location,7600 Logical Block Diagram,SUP Complex : ASICs,Superman L2 Forwarding ASIC EARL7 Tycho L3 Forwardin

9、g, Security and QoS ACL ASIC - EARL7 Super Solano 18 port Crossbar ASIC for the Sup720 that provides an aggregate bandwidth of 360 Gbps Pinnacle 4 port Gigabit ASIC Hyperion Fabric Interface and Multicast Replication ASIC ; NextGen Titan & Medusa Combo Titan ASIC which does Layer 2/3 packet replicat

10、ion Medusa Crossbar & Bus Fabric ASIC for Constellation+ and Super Constellation Systems,ELAM CLI Options,centa#show platform capture elam ? asic select ELAM ASIC data show capture data help helper for elam capture release release ELAM lock start start capture status show capture status trigger defi

11、ne ELAM trigger,ELAM Usage Steps,1.) Specify ASIC where you want to use ELAM ELAM support is per ASIC, not per system. To see which ASICs have ELAM support in a system use sh platform capture elam asic Example: harco#show platform capture elam asic Slot Cpu Asic Inst Ver PB Elam Active Lock - - - -

12、- - - - - 6 0 TYCHO 0 2.2 Y 0 SUPERMAN 0 1.3 Y * * 2.) To select an actual ASIC use the use sh platform capture elam asic slot inst ,ELAM Usage Steps (Set Trigger),3.) Specify capture trigger Most challenging part of using ELAM is choosing the right trigger! CLI command to configure a trigger is sh

13、platform capture elam trigger if Need to specify where the trigger will be applied: DBUS to match on DBUS header RBUS to match on RBUS header DE to match on Tychos decision engine Need to specify the packet format to be captured IPv4,IPv6,Others Finally specify an actual trigger after if. For list o

14、f available parameters use sh platform cap elam trigger help Note each asic/bus provides different set of triggers to match on Triggers from multiple ASICs cannot be mixed when using CLI When more than one trigger is specified (separated by space) they are logically AND (i.e. all triggers should be

15、true for packet to be captured). It is not possibly to logically OR the triggers Also useful to see ENG-14749 “Constellation Bus Specification” for definition of the DBUS/RBUS fields,Dbus Capture Sample harco#show platform capture elam trigger dbus ipv4 if ip_da=160.1.1.1255.255.255.255,ELAM Usage S

16、teps (Start Capturing),4.) Start capturing harco#show platform capture elam start 5.) View capture status harco#show platform capture elam statu active ELAM info: Slot Cpu Asic Inst Ver PB Elam - - - - - - - 6 0 SUPERMAN 0 1.3 Y DBUS trigger: FORMAT=IP L3_PROTOCOL=IPV4 IP_DA=160.1.1.1255.255.255.255

17、 elam capture in progress 6.) View captured data harco#show platform capture elam data,It changes to Complete When packet is captured,Captured Packet Content (dbus data),harco#show platform capture elam data DBUS data: SEQ_NUM 5 = 0 x15 QOS 3 = 0 QOS_TYPE 1 = 0 TYPE 4 = 0 ETHERNET STATUS_BPDU 1 = 0

18、IPO 1 = 0 NO_ESTBLS 1 = 0 RBH 3 = b000 CR 1 = 0 TRUSTED 1 = 1 NOTIFY_IL 1 = 0 NOTIFY_NL 1 = 0 DISABLE_NL 1 = 0 DISABLE_IL 1 = 0 DONT_FWD 1 = 0 INDEX_DIRECT 1 = 0 DONT_LEARN 1 = 0 COND_LEARN 1 = 0 BUNDLE_BYPASS 1 = 0 QOS_TIC 1 = 0 INBAND 1 = 0 IGNORE_QOSO 1 = 0 IGNORE_QOSI 1 = 0 IGNORE_ACLO 1 = 0 IGN

19、ORE_ACLI 1 = 0 PORT_QOS 1 = 0 CACHE_CNTRL 2 = 0 NORMAL VLAN 12 = 1020 SRC_FLOOD 1 = 0 SRC_INDEX 19 = 0 x201 LEN 16 = 64 FORMAT 2 = 0 IP MPLS_EXP 3 = 0 x0,REC 1 = 0 NO_STATS 1 = 0 VPN_INDEX 10 = 0 x100 PACKET_TYPE 3 = 0 ETHERNET L3_PROTOCOL 4 = 0 IPV4 L3_PT 8 = 255 MPLS_TTL 8 = 0 SRC_XTAG 4 = 0 x0 DE

20、ST_XTAG 4 = 0 x0 FF 1 = 0 MN 1 = 0 RF 1 = 0 SC 1 = 0 CARD_TYPE 4 = 0 x0 DMAC = 0012.43b2.a1c0 SMAC = 0001.0000.0300 IPVER 1 = 0 IPV4 IP_DF 1 = 0 IP_MF 1 = 0 IP_HDR_LEN 4 = 5 IP_TOS 8 = 0 x0 IP_LEN 16 = 46 IP_HDR_VALID 1 = 1 IP_CHKSUM_VALID 1 = 1 IP_L4HDR_VALID 1 = 0 IP_OFFSET 13 = 0 IP_TTL 8 = 64 IP

21、_CHKSUM 16 = 0 xC3CC IP_SA = 20.1.1.2 IP_DA = 160.1.1.1 IP_DATA 120 0000: 00 01 02 03 04 05 06 07 08 09 0A 0B 0D 10 11 . CRC 16 = 0 xDB2A,Capture Packet Contents (rbus data),RBUS data: SEQ_NUM 5 = 0 x15 CCC 3 = b100 L3_RW CAP1 1 = 0 CAP2 1 = 0 QOS 3 = 0 EGRESS 1 = 0 DT 1 = 1 GENERIC TL 1 = 0 B32 FLO

22、OD 1 = 1 DEST_INDEX 19 = 0 x3FD VLAN 12 = 1021 RBH 3 = b101 RDT 1 = 0 GENERIC 1 = 0 EXTRA_CICLE 1 = 0 FABRIC_PRIO 1 = 0 L2 1 = 0 FCS1 8 = 0 x1 DELTA_LEN 8 = 4 REWRITE_INFO i0 - replace bytes from ofs 0 to ofs 13 with seq 00 0B 45 B6 36 40 00 12 43 B2 A1 C0 88 47. insert seq 00 01 21 3F before ofs 14

23、. FCS2 8 = 0 xC2,Same Packet Captured on Ixia,Some Trigger Setting Samples,For packet from/to any mac address For IP packets sh platform cap elam trigger dbus ipv4 if dmac=0001.0002.0003 sh platform cap elam trigger dbus ipv4 if smac=0001.0002.0003 For non-IP (others) dest. MAC sh platform cap elam trigger dbus other if data=0 x00010002 0 x00030000 0 xffffffff 0 xffff0000 For non-IP (others) source. MAC sh platform cap elam trigger dbus if data=0 0 x000000