Network packet capture

Network packet capture is a network diagnostic tool that allows you to capture and store packets passing through the router's network interfaces.

You can enable network traffic capture through the selected router's interface. As a result, a special file will be created that can be opened for viewing and analysis on your computer in Wireshark or submitted to the support team for analysis.
The network packet dump will help you diagnose network traffic problems and analyze what happens to specific packets. Based on this information, it will be possible to conclude the correctness or incorrectness of the routing, host or provider's gateway to determine the causes of the problem and options for fixing them.

NOTE: Important! When contacting our technical support team, in addition to the network traffic dump file (*.pcapng) resulting from the packet capture, be sure to provide the system file self-test.txt. Save it as soon as the packet capture is complete.
Information of a *.pcapng file alone without self-test.txt will be useless, as it is impossible to determine the conditions under which the packet capture was performed.   

For your Keenetic to have a network packet capture setting in its web interface, you need to install the 'Packet capture' OS component. You can do this on the 'General system settings' page in the 'Updates and component options' section by clicking on 'Component options'.

en-Packet_capture1.jpg

To capture network packets, go to the 'Diagnostics' page. In the 'Packet capture' section, click 'Create a capture rule'.

en-Packet_capture2.jpg

'Packet capture settings' window will open, where you must specify the 'Connection' (the interface from which you want to capture packets). In most cases, this is an active interface for connecting to the Internet - 'Provider'. If you use PPTP, L2TP, PPPoE or 3G/4G modem when connecting to the Internet, in these cases, specify the appropriate interface.

In some cases, traffic on the 'Home segment' interface may also be of interest.

NOTE: Important! It is impossible to capture packets between Wi-Fi-connected clients, as they are handled at the hardware level of the Wi-Fi chipset for maximum performance.

Specify the 'Storage location' of the packet capture file. If your Keenetic has a USB port for external drives, we recommend using it to save the file. Otherwise, the packet capture file will be stored in the internal memory of the device.
In the 'Traffic type to capture' field, you can select a value, depending on which traffic you want to capture - incoming, outgoing, or both (default).

If necessary, you can apply a filter in the 'Capture filter' field to reduce the amount of captured traffic and save memory space for the data you are interested in. The filter syntax is the same as in Wireshark. For example, with the filter 'host 192.168.1.33 and port 53', only DNS traffic from the host 192.168.1.33 will be captured. If nothing is specified in the 'Capture filter' field, all network packets will be captured, but in this case, the packet dump file will be larger in size.
Examples of using filters:

ip host x.x.x.x.x - a filter that captures packets only with the address x.x.x.x.x.
tcp dst port 80 - a filter that only captures HTTP packets (destination port tcp 80)
ip proto \icmp - a filter that captures only icmp-requests (ping)
udp port 53 - a filter that captures the exchange of queries and responses with the DNS server

Leave the remaining fields set to their default values.

en-Packet_capture3.jpg

For more information on all the settings, see the article 'Advanced Network Capture Configuration'.

You can now proceed to start capturing packets.

NOTE: Important! Capture the packets in such a way that you can see the traffic information when a problem occurs. It is recommended that you start capturing dumps (packet captures) before the problem occurs.

Click the 'Start' button to start the created rule.

en-Packet_capture4.jpg

The router will start collecting network packets.
After the problem has been reproduced, you must stop capturing packets by clicking the 'Stop' button.

en-Packet_capture5.jpg

If a USB drive is specified in the 'Storage location' field, the network packet capture file will be saved to it. If the location is set to 'Internal Memory', click 'Save to computer'.

en-Packet_capture6.jpg

You will be prompted to save the file in the *.pcapng format, which contains the captured network packets.

en-Packet_capture7.png

Use the Wireshark network traffic analyzer tool to view the packet dump file on your computer.

TIP: Tips:

1. If you plan to contact our technical support service with a description of the problem that is observed, then in addition to the received file with the dump of network packets (*.pcapng), be sure to attach a self-test.txt diagnostic file, which will help our engineers to solve the problem faster.

2. When debugging problems with multicast (IPTV/VoIP), it is recommended to disable the system's 'Network Accelerator' component in the router before starting to collect packets.

 

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.