Traffic Capture
This FAQ page deals with questions related to the traffic capture.
Q: What is traffic capture?
A: Capture allows selected packets of the incoming traffic on a port to be retained and inspected.
Triggers specify when to start capturing, when to stop, and which packets to keep while capturing is active. These events can be specified as user-defined filters or as built-in events such as packet checksum errors. Results can be viewed directly within the Xena environment, and packets can be saved for further analysis by external tools such as WireShark. There is also a packet-by-packet graphical display of key capture parameters, such as packet length and inter-frame gap.
Q: Is Xena compatible with WireShark?
A: Yes, the captured packets can be saved in either WireShark “.pcap” or “.pcapng” format, for further analysis in the WireShark environment. This is useful when analyzing packet protocols which are not (yet) supported in XenaManager.
Q: Are the 4-byte Ethernet FCS checksum field values included in pcap files?
A: The default setting is not to save FCS but this can be changed in the Capture panel.
Q: How large is the packet Capture buffer?
A: The wire-speed capture buffer is 64KB for the 10 Gbps test port, and 16KB per 10/100/1000M test port. The number of captured bytes per packets can be limited, e.g. to 64 bytes, so that only the packet header is captured. Then approximately 1000 or 250 packets can be captured per 10 Gbps and 10/100/1000M test port respectively. If the captured criteria is specified to match an incoming lower speed stream with a 2-5 Mbps rate (such as a VoIP or IPTV stream), the capture buffer can store 4096 packets at any packet length.
Q: Which packet protocols can the capture engine decode?
A: XenaManager can decode several protocols, such as Ethernet, Ethernet II, VLAN, ARP, IPv4, IPv6, UDP, TCP, LLC, SNAP, GTP, ICMP, RTP, RTCP, and STP. Please refer to the XenaManager documentation for full details.
Q: How do I start/stop the traffic capture function?
A: The capture start/stop trigger events can be the arrival of a packet which matches a specific user-defined packet header filter (such as a specific Ethernet/IP address, VLAN ID, IP TOS etc) or a packet FCS checksum error.
Q: How can I define my packet capture criteria?
A: The capture function can be configured to retain packets which match a user-defined packet header filter (such as a specific Ethernet/IP address, VLAN ID, IP TOS etc), all traffic, or all traffic which does not include a test payload.