Capture module: Difference between revisions

This list shows the most recently performed captures for the current user. The most recent capture is displayed on the top. Next to each capture there is a button to permanently save this capture as a favorite as well as a button to simply start this capture again. The button “Delete list of recent captures” will delete all entries from this list.

This list shows favourite capture expressions. A capture can be marked as a favorite either in the capture dialog by clicking on the star button in the top right corner or by marking it as a favorite in the “Recently captured” list. A description can be given and will be displayed in this list. For each favorite capture a PCAP button is available to simply start this capture again. The “Remove favorites” button allows for cleaning the list. macProtocol

The second section of the capture page allow to select some fields to filter network traffic for. By default, only the IP field is visible, the other fields can be enabled by clicking on the corresponding toggle switch. Each line allows to enter a filter criterion for the corresponding network traffic element. To start the capture with the entered filter criteria just click at the “Start capture” button. For reference, the expert filter expression is shown at the end of the section so it can be used to copy and paste

:This mode will transmit the captured packets encapsulated in a GRE + ERSPAN header on the management interface to a given target IP address. On the target system the  traffic can be  selectively captured using the filter “ip proto 0x2f” when using an application like Wireshark or tcpdump.

After pushing the “Start capture” button, the capture starts.

It is possible to use an external tool like “curl” for creating and storing a PCAP.