SteelFusion™ Command-Line Interface Reference Manual : Configuration Mode Commands : System Commands : tcpdump-x all-interfaces
  
tcpdump-x all-interfaces
Configures a list of all interfaces for a TCP dump capture.
Syntax
[no] tcpdump-x all-interfaces [capture-name <capture-name>] continuous | buffer-size <size> | duration <seconds> [schedule-time <hh:mm:ss> [schedule-date <yyyy/mm/dd>]] | [rotate-count <number>] | [snaplength <snaplength>] | [sip <src-address>] | [dip <dst-address>] | [sport <src-port>] | [dport <dst-port>] | [dot1q {tagged | untagged | both}] | [ip6] | [custom <custom-param>] | [file-size <megabytes>]
Parameters
capture-name <capture-name>
Specifies a capture name to help you identify the TCP dump. The default filename uses the following format:
<hostname>_<interface>_<timestamp>.cap
 
Where hostname is the hostname of the appliance, interface is the name of the interface selected for the trace (for example, lan0_0, wan0_0), and timestamp is in the ’yyyy/mm/dd hh:mm:ss’ format.
Note: The cap file extension is not included with the filename when it appears in the capture queue.
continuous
Starts a continuous capture.
buffer-size <size>
Specifies the size in kilobytes for all packets.
duration <seconds>
Specifies the run time for the capture in seconds. The default is 30 seconds.
schedule-time <hh:mm:ss>
Specifies a time to initiate the trace dump in the format ’hh:mm:ss’.
schedule-date <yyyy/mm/dd>
Specifies a date to initiate the trace dump in the format ’hh:mm:ssyyyy/mm/dd’.
rotate-count <number>
Specifies the number of files to rotate.
snaplength <snaplength>
Specifies the snap length value for the trace dump. The default value is 1518. Specify 0 for a full packet capture (recommended for CIFS, MAPI, and SSL traces).
sip <src-address>
Specifies a comma-separated list of source IP addresses. The default setting is all IP addresses.
dip <dst-address>
Specifies a comma-separated list of destination IP addresses. The default setting is all IP addresses.
sport <src-port>
Specifies a comma-separated list of source ports. The default setting is all ports.
dport <dst-port>
Specifies a comma-separated list of destination ports. The default setting is all ports.
dot1q
Specifies one of the following to filter dot1q packets:
  • tagged - Captures only tagged traffic.
  • untagged - Captures only untagged traffic.
  • both - Captures all traffic.
    • Note: Do not use the sip, dip, sport, dport and custom parameters together when using the dot1q both option. Use the tcpdump command instead to capture this information.
    For detailed information about dot1q VLAN tunneling, see your networking equipment documentation.
    ip6
    Specifies IPv6 packets for packet capture.
    custom <custom-param>
    Specifies custom parameters (flags) for packet capture. You need to enclose the customer parameter in quotation marks (" ") if it contains more than one word.
    file-size <megabytes>
    Specifies the file size of the capture in megabytes.
    Usage
    You can capture and retrieve multiple TCP trace dumps. You can generate trace dumps from multiple interfaces at the same time and you can schedule a specific date and time to generate a trace dump.
    Example
    The following example starts a continuous capture for a file named tcpdumpexample with a duration of 120 seconds:
    amnesiac (config) # tcpdump-x all-interfaces capture-name tcpdumpexample continuous duration 120
     
    The following example captures untagged traffic on destination port 7850 and ARP packets:
    amnesiac (config) # tcpdump-x all-interfaces dot1q untagged dport 7850 custom "and arp"
     
    The following example captures VLAN tagged traffic for host 10.11.0.6 and ARP packets:
    amnesiac (config) # tcpdump-x all-interfaces dot1q tagged sip 10.11.0.6 custom "or arp"
     
    The following example captures tagged ARP packets only:
    amnesiac (config) # tcpdump-x all-interfaces dot1q tagged custom "and arp"
     
    The following example captures untagged ARP packets only:
    amnesiac (config) # tcpdump-x all-interfaces dot1q untagged custom "and arp"
    Related Topics
    show tcpdump-x, tcpdump