Blue Coat Systems Blue Coat Systems SG Appliance, SGOS Version 5.2.2 Configuring Packet Capturing

Page 53

Chapter 4: Diagnostics

Note: Some qualifiers must be escaped with a backslash because their identifiers are also keywords within the filter expression parser.

❐ip proto protocol

where protocol is a number or name (icmp, udp, tcp).

❐ether proto protocol

where protocol can be a number or name (ip, arp, rarp).

Table 4-1. PCAP Filter Expressions

Filter Expression	Packets Captured

ip host 10.25.36.47	Captures packets from a specific host with IP address
	10.25.36.47.

not ip host 10.25.36.47	Captures packets from all IP addresses except
	10.25.36.47.

ip host 10.25.36.47 and ip	Captures packets sent between two IP addresses:
host 10.25.36.48	10.25.36.47 and 10.25.36.48.
	Packets sent from one of these addresses to other IP
	addresses are not filtered.

ether host 00:e0:81:01:f8:fc	Captures packets to or from MAC address
	00:e0:81:01:f8:fc:.

port 80	Captures packets to or from port 80.

ip sr www.bluecoat.com and	Captures packets that have IP source of
ether broadcast	www.bluecoat.com and ethernet broadcast
	destination.

Using Filter Expressions in the CLI

To add a filter to the CLI, use the command:

SGOS# pcap filter expr parameters

To remove a filter, use the command:

SGOS# pcap filter <enter>

Important: Define CLI filter expr parameters with double-quotes to avoid confusion with special characters. For example, a space is interpreted by the CLI as an additional parameter, but the CLI accepts only one parameter for the filter expression. Enclosing the entire filter expression in quotations allows multiple spaces in the filter expression.

Configuring Packet Capturing

Use the following procedures to configure packet capturing. If a download of the captured packets is requested, packet capturing is implicitly stopped. In addition to starting and stopping packet capture, a filter expression can be configured to control which packets are captured. For information on configuring a PCAP filter, see "Common PCAP Filter Expressions" above.

53

Image 53

Contents Blue Coat Systems SG Appliance Contact Information Contents Diagnostics Appendix a Glossary Index Volume 9 Managing the Blue Coat SG Appliance Document Conventions About Managing the SG ApplianceVolume 9 Managing the Blue Coat SG Appliance Automatically Registering the SG Appliance with Director Using Director to Manage SG SystemsDirector Registration Requirements Related CLI Commands for Director RegistrationRegistering the SG Appliance with Director To register the appliance with a DirectorTo view the fingerprint of the key Setting up Director and SG Appliance CommunicationSystem Summary Monitoring the System and DisksTo delete a key To view the system summary statisticsTo view the system environment statistics Viewing System Environment SensorsTo view disk status or take a disk offline Viewing Disk StatusConfiguring Which Events to Log Setting Up Event Logging and NotificationViewing SSL Accelerator Card Information To view SSL accelerator cardsRelated CLI Commands for Setting the Event Logging Level Setting Event Log SizeRelated CLI Commands to Set the Event Log Size Enabling Event NotificationSyslog Event Monitoring To enable event notificationsRelated CLI Commands to Enable Event Notifications Viewing the Event Log Configuration Viewing Event Log Configuration and ContentTo enable syslog monitoring Related CLI Commands to Enable Syslog MonitoringViewing the Event Log Contents To enable and configure Snmp Configuring SnmpRelated CLI Commands to Enable and Configure Snmp Enabling SnmpTo set or change community strings Configuring Snmp Community StringsRelated CLI Commands for Enabling Snmp Traps Configuring Snmp TrapsTo enable Snmp traps Health Monitoring Requirements Configuring Health MonitoringAbout Health Monitoring About the Health Monitoring Metric TypesAbout License Expiration Metrics Health Monitoring ExampleAbout the Licensing Metrics About Health Monitoring NotificationAbout the General Metrics Metric Threshold States and Corresponding Values About the Status MetricsTo change the threshold and notification properties Changing Threshold and Notification PropertiesGetting a Quick View of the SG Appliance Health To review the health monitoring statistics Viewing Health Monitoring StatisticsRelated CLI Syntax to View Health Monitoring Statistics TroubleshootingVolume 9 Managing the Blue Coat SG Appliance To restart the SG appliance Restarting the SG ApplianceHardware and Software Restart Options Restore-Defaults Restoring System DefaultsKeep-Console Factory-DefaultsClearing the DNS Cache To restore system defaultsClearing the Object Cache To clear the DNS cacheClearing the Byte Cache Troubleshooting TipClearing Trend Statistics Upgrading the SG ApplianceTo upgrade the SG appliance SG Appliance 5.x Version UpgradeRelated CLI Syntax to Upgrade the Sgos Software To view details for an Sgos system version To view Sgos system replacement optionsManaging SG Appliance Systems To set the SG appliance to run on the next hardware restart Setting the Default Boot SystemExample Session Replacing an SG Appliance System Locking and Unlocking SG Appliance SystemsTo lock a system To unlock a systemDisk Reinitialization Deleting an SG Appliance SystemMulti-Disk SG Appliances To delete a systemDeleting Objects from the SG Appliance Single-Disk SG ApplianceTo delete a single object from the SG appliance To delete multiple objects from the SG applianceDiagnostics To send service information automatically Diagnostic Reporting Service InformationSending Service Information Automatically To manage bandwidth for service information Managing the Bandwidth for Service InformationRelated CLI Syntax to Send Service Information To send service information Configure Service Information SettingsSGOS#diagnostics service-info subcommands To edit an existing snapshot job Creating and Editing Snapshot JobsTo create a new snapshot job Related CLI Syntax to Edit an Existing Snapshot Job Following subcommands are availableCommon Pcap Filter Expressions Packet Capturing the Job UtilityPcap File Name Format Using Filter Expressions in the CLI Configuring Packet CapturingTo enable, stop, and download packet captures Diagnostics Viewing Current Packet Capture Data Related CLI Syntax to Define Packet Capturing SettingsCore Image Restart Options To configure core image restart optionsUploading Packet Capture Data To view current packet capture statisticsRelated CLI Syntax to Manage Heartbeats and Monitoring Diagnostic Reporting HeartbeatsTo set daily heartbeats and/or Blue Coat monitoring Related CLI Syntax to Configure and View CPU Monitoring Diagnostic Reporting CPU MonitoringTo configure and view CPU monitoring Volume 9 Managing the Blue Coat SG Appliance Selecting the Graph Scale StatisticsTraffic Mix Viewing Traffic Distribution StatisticsAbout Bypassed Bytes Understanding Chart DataRefreshing the Data To view bandwidth usage or gain statistics About the Default Service StatisticsViewing Bandwidth Usage or Gain To view client and server byte statistics Viewing Client Byte and Server Byte Traffic DistributionViewing Traffic History Supported Proxy Types and Services Unsupported Proxy Types Viewing Bandwidth Management Statistics Viewing the ADN HistoryViewing Protocol Statistics To view client and server byte or bandwidth gain statisticsSSL History Resources Statistics Viewing System StatisticsViewing CPU Utilization To view CPU utilizationTo view concurrent users Viewing Concurrent UsersViewing Memory Use Statistics Viewing Disk Use StatisticsTo view disk use statistics To view memory use statisticsTo view data allocation statistics Viewing Data Allocation Statistics in RAM and on DiskContents Statistics To view the event log Event Logging StatisticsTo view failover statistics Failover StatisticsActive Sessions-Viewing Per-Connection Statistics Viewing Proxied Sessions Analyzing Proxied SessionsAbout the Proxied Sessions Statistics To view proxied sessionsProvided. See Viewing Sessions with Multiple Connections on Cache Hit Is unavailable if the content is non-cacheable or for Cifs Viewing Sessions with Multiple Connections Using the Tool TipsAbout MMS Streaming Connections MMS Understanding the Tree ViewAbout the Byte Totals What Is Not DisplayedFiltering the Display Analyzing Bypassed Connections Statistics Viewing Html and XML Views of Proxied Sessions DataTo view bypassed connections Viewing Bypassed ConnectionsAbout the Bypassed Connection Statistics 14. Filter Drop-Down List Viewing Html and XML Views of Bypassed Connections Data Viewing the Access LogViewing Health Monitoring Statistics Viewing Health Check StatisticsUsing the CLI show Command to View Statistics Statistics Volume 9 Managing the Blue Coat SG Appliance Appendix a Glossary URL Appendix a Glossary Drtr Icmp Volume 9 Managing the Blue Coat SG Appliance MACH5 MIB NTP 100 Network Tunneling tab 102 103 104 Index 106 Snmp 108