Packet trace

This help contains the following topics:

·     Introduction

¡     Application scenarios

¡     Packet trace modes

·     Restrictions and guidelines

·     Configure packet trace

Introduction

The packet trace feature traces packets processed by security services, and provides detailed information about the packets to help you troubleshoot network failures. The security services include attack protection, uRPF, session management, and connection limit.

Application scenarios

Packet trace applies to scenarios where a large number of security services are deployed and it is difficult to locate network failures rapidly and accurately.

Packet trace modes

To meet troubleshooting requirements in various situations, the packet trace feature provides the following packet trace modes:

·     Tracing real traffic—Traces real traffic on the device in a live network. Use this mode for troubleshooting in a live network.

·     Tracing imported packets—Imports captured packets from a .cap or .pcap file and analyzes the packets. Use this mode if packets required for troubleshooting have been captured. Using this mode, you can help troubleshoot failures on other networks.

·     Tracing constructed packets—Uses settings configured by the administrator to construct a packet and verify packet processing results for configured security services. When you complete device configuration, use this mode to create a packet to verify the expected packet processing result.

Restrictions and guidelines

·     The system generates .cap files only if you select Capture diagnose packets before clicking Diagnose.

·     You cannot export the same .cap files repeatedly. Once being exported, .cap files are deleted from the device.

·     Importing captured packets from a .cap or .pcap file imports only packets of the first 10 data flows, 10 packets each data flow. The packet trace feature traces only imported packets that are complete. It does not trace packets that are incomplete.

Configure packet trace

Before enabling packet trace, configure the following items to identify the packets to be traced:

·     IP type—Specifies the IPv4 or IPv6 packet type. To trace IPv4 packets, select IPv4. To trace IPv6 packets, select IPv6.

·     Incoming interface—Specifies the incoming interface of the packets.

·     Protocol—Specifies the protocol used by the packets.

·     Source address—Specifies the source address of the packets.

·     Source port—Specifies the source port of the packets.

·     Destination address—Specifies the destination address of the packets.

·     Destination port—Specifies the destination port of the packets.

·     Source MAC—Specifies the source MAC of the packets.

·     Destination MAC—Specifies the destination MAC of the packets.

·     VLAN ID—Specifies the VLAN ID of the packets.

·     Diagnosis time—Specifies the packet trace duration. When the specified time expires, packet trace stops. This setting is supported only in real traffic mode.

·     Capture diagnose packets—Indicates whether to capture traced packets and save the packets to .cap files. To capture and save the packets, select this option. To export the .cap files, click Export, select Captured diagnostic packets, and click OK.

The packet trace output shows the packet processing procedures of security service modules. If a service module processes packets correctly, the system displays . If a service module drops packets, the system displays  and the packet loss causes.