Frequently Asked Questions

OCSM Probe Packet capture with napatech
Last Updated 3 years ago

This tool captures all packets that are received on a certain Napatech port (before any filters are applied).
1. Confirm present Napatech card's ports/interfaces and their IDs by running monitoring
root@ocsm:~# /opt/napatech3/bin/monitoring
-> here is sample output, look for the lines with Full under Link, and note their port IDs - in our example the ID is 3:
monitoring

2. Start the trace specifying the port (option -p) on which to capture and the output file (option -f):
root@ocsm:~# /opt/napatech3/bin/capture -p 3 -f /var/tmp/raw_capture_file
Or alternatively, if there are several ports you want to capture on, you can specify them like this:
root@ocsm:~# /opt/napatech3/bin/capture -p 1,2,3 -f /var/tmp/raw_capture_file

3. The trace can be stopped by breaking the running process using Ctrl+C, here is a sample output of stopped tracing:
^CSegment throughput: 0.000 Mbps
Delete the NTPL assigns.
>>> : Delete=10
>>> : Delete=11

Done: 0 segments, 0 bytes
Average segment throughput: 0.000 Mbps.

root@ocsm:~#

4. The captured file is in custom Napatech format, therefore in order it could be usable by wireshark/tshark in needs to be converted into appropriate format:
root@ocsm:~# /opt/napatech3/bin/capfileconvert -i /var/tmp/raw_capture_file -o /var/tmp/raw_capture_file.pcap --outputformat=pcap
And then you can access the trace in file /var/tmp/raw_capture_file.pcap (you can open/filter it in command line if you are familiar with the tshark command, otherwise copy it to your PC with scp/winscp and open it in Wireshark)
Note: take into account the available space before conversion as there will be doubled size - original and converted file; afterwards the original can be removed.

Please Wait!

Please wait... it will take a second!