Capture packets dialog box

Use the Capture Packets dialog box to configure a traffic capture on the NAM Server. It is available to users to whom the Packet Capture User role is assigned.

See Starting a Smart Packet Capture for step-by-step instructions.

Tip

Use Smart Packet Capture to diagnose user-specific issues:

  1. Conduct fault domain isolation (FDI) to focus on a specific user.
  2. Locate that user on a NAM Server report.
  3. Start a capture from that NAM Server report.

You can access Smart Packet Capture only if you have been assigned the Packet capture user role. See User roles and groups for help on assigning user roles.

  • Task name
    The name of the task as it will appear in the list of tasks. Set this to a name that is useful for searching and sorting.
  • Description
    The description of the task as it will appear in the list of tasks.
  • Estimated task size
    The estimated total size of the capture, combining all data sources.
  • Free space
    The storage space available for the capture. If this is not larger than the estimated task size, there will not be enough space available to save the capture.
  • OK
    Click OK to schedule the task and display a list of tasks with the filter set to your user name.
  • Cancel
    Click Cancel to discard task submission.

Traffic Filters tab

Use the Traffic Filters tab to narrow the range of your capture to traffic between two dates and times, limit the duration of the capture, and review the filter settings.

  • Task name is automatically derived from the date and time of the capture (Task yyyy_mm_dd__hh_mm_ss).
  • Description is automatically derived from the point at which you initiated the capture (such as Created from "report_name" for "user").
  • Time range
    • To capture traffic during a specific time range, select Fixed date and time and set the Start time and Stop time.
    • To capture traffic for a certain amount of time starting from when you click OK, select Period relative to the current date and set Duration to the number of seconds, minutes, or hours you want to capture data.

The date range (available when Fixed date and time is selected) is initially populated from the NAM Server report, but you can adjust it in the Capture Packets dialog box.

TCPDUMP filter

The filters are initially populated from the NAM Server reports filters (converted to tcpdump filter format), but you can adjust them in the Capture Packets dialog box. If you edit this field, be sure to conform to the tcpdump filter format. If a filter setting is invalid, an error message is displayed and it is not possible to submit the task.

You can copy these filters into DNA and edit them to filter your trace during import.

Click Syntax warnings under the filter box to list all syntax warnings.

Note

If both the server and the client are aggregated, the real client IP address is present in the filter expression but the real server IP address is not. In such cases, you probably need to change the filter expression manually to use the real server IP address.

For servers that are not aggregated, the server IP address is present in the filter expression.

Data Sources tab

Use the Data Sources tab to select the devices that will be used to gather data for this task.

  • By default, all NAM Probes available on the selected NAM Server are used, but you can clear the check boxes of probes you don't want to query for this task.
  • If your probe is not listed here, ensure that it has been configured and has been added to the NAM Console's list of devices.
  • Applies to NAM 2019 Service Pack 2+
    If you need to fine-tune your capture down to NAM Probe interfaces (not just NAM Probes), set interface filters on the Advanced options tab.
Note

In a farm deployment, you can have multiple slaves and NAM Probes connected to them in various configurations (for example, probe1 connected to slave 1, and probe2 connected to slave 2). If you are browsing DMI reports (on a master NAM Server), data is downloaded from slave servers and aggregated on the master. For packet capture, this screen displays all probes from the master and all slaves. It is not known which server in the farm holds a given porting of data. If data for a given tcpdump filter is not visible to a given probe, no data is captured on that probe.

Advanced Options tab

Use the Advanced Options tab to specify various advanced capture settings.

Note: all Advanced Options settings are independent of one another.

TCPDUMP filter settings

  • Remove encapsulation
    By default, Smart Packet Capture removes encapsulation from the trace. Clear this setting if you do not want to remove encapsulation from the trace.

  • Define filter for NAM Probe interfaces (optional)
    Applies to NAM 2019 Service Pack 2+
    By default, Smart Packet Capture captures traffic on all sniffing interfaces of all selected data sources. Starting with NAM 2019 Service Pack 2, you can set a filter on the Advanced Options tab if you want to capture packets only on selected interfaces of your data sources.

    Example interface filters:

    • ifc1 will capture traffic on any sniffing interface named ifc1 on all NAM Probes on which you are capturing traffic. If you are capturing on two NAM Probes, each of which has an interface named ifc1, you will capture traffic only on those two interfaces.
    • ifc1, ifc2 will capture traffic only on sniffing interfaces named ifc1 or ifc2 on any NAM Probe on which you are capturing traffic.
    • 1.2.3.4:ifc1 will capture traffic only on the sniffing interface named ifc1 on the NAM Probe with IP address 1.2.3.4.
    • 1.2.3.4:ifc1, ifc2 will capture traffic only 1.2.3.4:ifc1 (a certain interface on a certain NAM Probe) and on interface ifc2 on all selected NAM Probes.
    Important

    The filter for Define NAM Probe interface is not validated. If your filter definition is incorrect, it is ignored (with no notification in the interface) and traffic is captured on all sniffing interfaces on all selected NAM Probes (the equivalent of not defining this filter at all).

File settings

  • Maximum file size (NAM Probe)
    By default, the maximum Smart Packet Capture trace file size is 500 MB. Change the number and select MB or GB to set a different maximum capture file size.

  • Secure file with password
    By default, Smart Packet Capture does not password-protect your trace file. Select this (and provide the password twice) if you want to password-protect the trace file stored on the NAM Server. You will then need to provide this password to open the trace in DNA or another application.

Select View in trace trimmer to automatically display the completed capture in Trace Trimmer.