Network packet capture

Network packet capture is a network diagnostic tool that allows you to capture and store packets passing through the router's network interfaces.

You can enable network traffic capture on a selected interface of the router. This creates a capture file that you can open for viewing and analysis on your computer in Wireshark or submit to the support team for analysis.
The network packet dump helps you diagnose network traffic problems and analyze what happens to specific packets. Based on this information, you can conclude whether the routing, the host or the provider's gateway is working correctly, and determine the causes of the problem and the options for fixing it.

For the web configurator of your Keenetic to have a network packet capture setting, you need to install the 'Packet capture' OS component. You can do this on the 'General system settings' page in the 'Updates and component options' section by clicking on 'Component options'.


To capture network packets, go to the 'Diagnostics' page. In the 'Packet capture' section, click 'Create a capture rule'.


The 'Packet capture settings' window opens, where you must specify the 'Connection' (the interface from which you want to capture packets). In most cases, this is the active interface for connecting to the Internet, 'Provider'. If you connect to the Internet via PPTP, L2TP, PPPoE or a 3G/4G modem, specify the corresponding interface instead.

In some cases traffic on the 'Home segment' interface may also be of interest.

Specify the 'Storage location' of the packet capture file. If your Keenetic has a USB port for external drives, we recommend that you use it to save the file. Otherwise, the packet capture file will be stored in the internal memory of the device.
In the 'Traffic type to capture' field, you can select a value, depending on which traffic you want to capture - incoming, outgoing, or both (default).

If necessary, you can apply a filter in the 'Capture filter' field to reduce the amount of captured traffic and save memory space for the data you are interested in. The filter syntax is the same as for capture filters in Wireshark. For example, with the filter 'host 192.168.1.33 and port 53' only DNS traffic to or from the host 192.168.1.33 will be captured.
Examples of using filters:

ip host x.x.x.x - a filter that captures only packets to or from the address x.x.x.x
tcp dst port 80 - a filter that captures only HTTP packets (destination port tcp 80)
ip proto \icmp - a filter that captures only ICMP packets (for example, ping)
udp port 53 - a filter that captures the exchange of queries and responses with the DNS server

Leave the remaining fields set to their default values.


For more information on all the settings, see the article 'Advanced Network Capture Configuration'.

You can now proceed to start capturing packets.

NOTE: Important! Capture the packets in such a way that you can see the traffic information when a problem occurs. It is recommended that you start capturing dumps (packet captures) before the problem occurs.

Click the 'Start' button to start the created rule.


The router will start collecting network packets.
After the problem has been reproduced, you must stop capturing packets by clicking the 'Stop' button.


If a USB drive is specified in the 'Storage location' field, the network packet capture file will be saved to it. If the location is set to 'Internal Memory', click 'Save to computer'.


You will be prompted to save the file in the *.pcapng format, which contains the captured network packets.


Use the Wireshark network traffic analyzer tool to view the packet dump file on your computer.
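
A quick integrity check for the saved *.pcapng file before you open it in Wireshark or attach it to a support request. This is an added example, not part of the original article or of Keenetic software: it walks the pcapng block structure, counts packets and truncated packets, and rejects a file that was cut short. The function name, the summary keys and the embedded sample capture are constructed for illustration.

```python
import struct

SHB_TYPE = b"\x0a\x0d\x0d\x0a"   # Section Header Block type, identical in both byte orders
IDB, EPB = 1, 6                   # Interface Description Block, Enhanced Packet Block

def summarize_pcapng(data: bytes) -> dict:
    """Walk the pcapng block list; raise ValueError if the file is malformed or cut short."""
    if data[:4] != SHB_TYPE:
        raise ValueError("not a pcapng file: no Section Header Block at offset 0")
    out = {"link_types": [], "packets": 0, "captured_bytes": 0, "truncated_packets": 0}
    off, order = 0, "<"
    while off < len(data):
        if len(data) - off < 12:
            raise ValueError(f"partial block header at offset {off}")
        if data[off:off + 4] == SHB_TYPE:
            # The byte-order magic 0x1A2B3C4D follows the length field of a section header.
            magic = data[off + 8:off + 12]
            if magic not in (b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"):
                raise ValueError(f"bad byte-order magic at offset {off}")
            order = "<" if magic == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(order + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"bad block length {blen} at offset {off}")
        body = data[off + 8:off + blen - 4]
        try:
            if btype == IDB:
                out["link_types"].append(struct.unpack_from(order + "H", body)[0])
            elif btype == EPB:
                cap_len, orig_len = struct.unpack_from(order + "II", body, 12)
                out["packets"] += 1
                out["captured_bytes"] += cap_len
                out["truncated_packets"] += int(cap_len < orig_len)  # stored shorter than on the wire
        except struct.error:
            raise ValueError(f"block at offset {off} is too short for its type")
        off += blen
    return out

def _block(btype: int, body: bytes) -> bytes:
    """Build one little-endian block (used only for the constructed sample)."""
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample: one section, one Ethernet interface (link type 1), two packets,
# the second one stored as 64 of its original 1514 bytes.
SAMPLE = (_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + _block(IDB, struct.pack("<HHI", 1, 0, 64))
          + _block(EPB, struct.pack("<IIIII", 0, 0, 0, 60, 60) + bytes(60))
          + _block(EPB, struct.pack("<IIIII", 0, 0, 1, 64, 1514) + bytes(64)))
```

To check a real capture, pass the file contents: summarize_pcapng(open(path, "rb").read()). A result with zero packets usually means the capture filter or the selected interface did not match the traffic of interest.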

TIP: Tips:

1. If you plan to contact our technical support service with a description of the problem that is observed, then in addition to the received file with the dump of network packets (*.pcapng), be sure to attach a self-test.txt diagnostic file, which will help our engineers to solve the problem faster.

2. When debugging problems with multicast (IPTV/VoIP), it is recommended to disable the 'Network Accelerator' component of the system in the router before starting to collect packets.

 
