How to collect and retrieve PCAP from Reporter device
search cancel

How to collect and retrieve PCAP from Reporter device

book

Article ID: 231590

calendar_today

Updated On:

Products

Reporter-VA Advanced RP-VA Reporter-S500

Issue/Introduction

How to collect packet capture on Reporter appliance or VA.

When investigating issues involving reporter device we require network packet capture (PCAP) to be collected to analyze Reporter's network communication behavior.

Reporter allows PCAP collection through CLI.

Resolution

Refer below steps to collect and retrieve PCAP files from Reporter : 

--------------------------------------------------------------

To collect a PCAP :

1. Login to Reporter CLI enable mode.

2. Configure a filter if needed

# pcap filter direction [both|in|out]
# pcap filter expression [host|port]
# pcap filter interface <nic>

3. To start the packet capture use command:

reporter# pcap start

4. Reproduce the issue after above command is executed.

5. To stop the packet capture use command:

reporter# pcap stop

--------------------------------------------------------------

To transfer PCAP file to external FTP Server:

To retrieve collected PCAP from the reporter, the PCAP file needs to be transferred to an external FTP server.

To transfer generated PCAP to the desired location using the below command in CLI enable mode:

Example:
reporter# pcap transfer ftp://example.com/files/filename.pcap username password

You will need to use an FTP username and password which is configured on the FTP server-side.

--------------------------------------------------------------

Enable Reporter FTP Server and retrieve PCAP file:

If it is not possible to set up a external FTP server to transfer the PCAP file in the environment, you can store the file locally on the Reporter.

To do this follow the below steps :

*Starting in version 11.x Reporter Admin Console is accessible only via Management Center. 

**How to access Reporter Admin Console 

 

1. Go to Reporter Admin Console-> Administration -> System Settings -> Server Settings -> Enable FTP server -> Click "Save"

2. Make sure FTP user is created on the reporter and credentials are available.

This can configured under section: Administration -> Access -> Access Control

3. Use command in CLI enable mode:

Example:
reporter# pcap transfer ftp://<reporterIP>/filname.pcap username password

*This command will transfer file within Reporter to folder accessible externally through FTP

4. Once the above command is successful access the reporter from an FTP client e.g. WinSCP

5. The PCAP file as filename.pcap will be located on the reporter root location (/<root>).

Additional Information