104 Chapter 5 Packet capture

PCAP initially occurs to the RAM buffer. A low priority task writes the RAM buffer to disk files, called the disk capture files. Although you can set the maximum size of this file, when the maximum file size is reached, PCAP can continue writing the captured data. You specify the directory where to save the files, and you use the automatic backup option (specific backup) to copy or move the files to another machine. If you use the automatic backup option, you must specify the path that specific backup uses to save PCAP files. If you want to back up a file every time the file changes, select auto trigger for the specific backup. For more information about automatic backup, see “Automatic backups” on page 52.

If you set the size of a disk capture file to a value other than 0, PCAP automatically saves the capture in a file and creates a new file with a name as follows:

<prefix>YYMMDD.<extNr>

where:

<prefix> is a two-digit prefix derived from the capture name that identifies the capture.

YYMMDD is the year, month, and day

<XXX> is a monotonically incrementing number that is the file extension.

The default value for the buffer size is:

minimum 5 packets when capturing packets on disk, with no packet loss

minimum 20 packets when capturing packets on disk, with packet loss

1 megabyte (Mbyte) for capturing packets in RAM

PCAP features

Packet capture enables the VPN Router to perform the following tasks:

simultaneously capture network traffic at different sources (physical interfaces, tunnels, and the VPN Router as a whole)

capture inbound or outbound traffic, or both

NN46110-602

Page 104
Image 104
Nortel Networks NN46110-602 manual Pcap features