
How to use the Traffic Dump Utility



Ecessa’s built-in traffic dump utility makes it easy to troubleshoot many common network issues. The utility is accessed through the web interface by navigating to “Diagnostics” under the Utilities menu and then clicking the “Traffic Dump” tab.

 Image1.png

First, select the interface that the traffic dump will listen on from the pull-down labeled “Interface Port for”. The Ecessa unit can listen on WAN or LAN ports. Next, define how many packets to capture on the selected interface before the traffic dump stops (minimum 1, maximum 250).

 Image2a.png

The Filter section allows the user to isolate traffic from or to a specific host, as well as specific types of data (ports or protocols). Multiple filters can be added to a single capture. Prior to starting the traffic dump, use the filter pull-down menu to select the properties of the filter you wish to create, clicking the Add to Filter button for each individual rule.

For example, to listen for only port 25 traffic sourcing from 12.34.56.78, select “Address” in the pull-down menu, type “12.34.56.78” in the field next to it, and click Add to Filter. Then select “Port” in the pull-down menu, type 25, and click Add to Filter again. The resulting rule is written out on the line below as “host 12.34.56.78 and port 25.” Note that the “host” keyword matches the address as either source or destination, so replies to that host are captured as well. Modifiers such as “and,” “or,” and “not” can be used to either narrow or expand the capture.

Image3.png

Image4.png

Image5.png

Image6.png

After a valid filter string has been added, click the Start button. Each packet on the selected interface port that matches the filter criteria is displayed along with a time stamp, protocol, source, source port, destination, destination port and a small amount of information related to the packet.

Image7.png

Placing the mouse over a captured packet’s source or destination IP address will display its MAC address. The search string can be used to further refine the packets displayed from the traffic dump. Use this feature to search for a particular string in any of the captured packets’ properties.

 Image8.png

Once a capture has been started, use the Stop button to discontinue the capture before it finishes. The Clear button clears all captured packets. Use the Download button to extract a copy of the full capture in “.pcap” format. This file can be opened in traffic capture utilities such as Wireshark. Refer to the help link at the top of the page for further assistance.
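As an added example (not part of the Ecessa article or product), the script below reads a “.pcap” file of the kind the Download button produces and applies the article’s example filter, “host 12.34.56.78 and port 25”, printing the same fields the Traffic Dump tab shows. The pcap bytes are constructed in memory so it runs offline; the addresses and ports are sample values.

```python
import struct
import socket

def build_packet(src, sport, dst, dport):
    """Minimal Ethernet/IPv4/TCP frame (constructed sample data, checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in the classic libpcap format (magic 0xa1b2c3d4, LINKTYPE_ETHERNET = 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):                    # constructed timestamps, 1 s apart
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (ts_sec, proto, src, sport, dst, dport) for each IPv4 TCP/UDP record."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    offset = 24                                           # skip the global header
    while offset + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if frame[12:14] != b"\x08\x00":                   # not IPv4, skip
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        if proto not in (6, 17):                          # only TCP/UDP carry ports
            continue
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        yield (ts_sec, "TCP" if proto == 6 else "UDP",
               socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)

def matches(rec, host, port):
    """Equivalent of the filter string 'host HOST and port PORT' (either direction)."""
    _, _, src, sport, dst, dport = rec
    return host in (src, dst) and port in (sport, dport)

SAMPLE = build_pcap([                                     # three constructed packets
    build_packet("12.34.56.78", 41000, "10.0.0.5", 25),
    build_packet("12.34.56.78", 41001, "10.0.0.5", 443),
    build_packet("10.0.0.9", 25, "10.0.0.5", 52000),
])

def filtered(data=SAMPLE, host="12.34.56.78", port=25):
    """Records from the capture that satisfy 'host <host> and port <port>'."""
    return [rec for rec in parse_pcap(data) if matches(rec, host, port)]

if __name__ == "__main__":
    for rec in filtered():
        print("%d %s %s:%d -> %s:%d" % rec)
```

Only the first sample packet survives the filter; the second fails on port and the third on host.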


2 Comments

Jay Walker:

    How can we capture more than 250 seconds? Can we use a command line utility instead?

Jay Walker:

    Apparently there is a command line option where you can use more than the 250 packets. I have not figured out how to output to a pcap file, the normal -w will not work, but I am able to print to screen the packets.

    Here is the format to use to capture all traffic on physical port 2 that has the host in ip.src or ip.dst of 192.168.1.22:

    diagnostics tdump port 2 filter "host 192.168.1.22"