capture

Reference Documentation

product_line_custom
IntelĀ® PAC
Napatech SmartNIC
category
Reference Information
Napatech Software Suite: capture
capture

capture

The capture tool is used for storing data to disk via the segment interface. Packets captured with the -p option will have their TxPort set to match their RxPort so that packets will be transmitted on the port on which they were received, if replayed with the replay tool. This does not apply to packets captured using the -s option.

Syntax

capture [-p <port[,port]>] [-s <streamid>] [-f <file>] [-b | --bytes <bytes>[K|M|G|T] ] [-c | --count <packet_count> ] [-t | --time <duration_secs> ] [-w] [--help]

Commands
Command Description
--help, -h Show help text and exit
-f <file>, --file <file> Specify the file to write to
-w, -walk Examine (traverse) packets within segments before storing them
-p <port[,port]>, --port <port[,port]> Port to capture from, optionally a comma-separated list of ports
-s <streamid>, --stream <streamid> Stream to capture from
-b <bytes>[K|M|G|T], --bytes <bytes>[K|M|G|T] Number of bytes to capture. Optional unit K/M/G/T denotes Kilo/Mega/Giga/Tera (bytes).
-c <packet_count>, --count <packet_count> Number of packets to capture.
-t <duration_secs>, --time <duration_secs> Duration in seconds of capture session.

File
If no file is specified, the data is captured but discarded once it has been received by the tool.

File Format
If file is specified, the data is stored in a format determined by the ntservice.ini file TimestampFormat parameter.

The following file formats are selected by the capture tool:

TimestampFormat:
  NATIVE         NT
  NATIVE_UNIX    NT
  NATIVE_NDIS    NT
  PCAP           PCAP with microsecond PCAP magic ID in header
  PCAP_NS        PCAP with nanosecond PCAP magic ID in header

Note that when selecting PCAP TimestampFormat, you must also set all adapters PacketDescriptor type to PCAP.

Port(s)

Since the tool uses the segment interface, it can only capture data from ports on the same adapter. The tool creates an NTPL expression that matches the ports provided, and the tool prints the NTPL ID (identifier) on the screen. It is important to delete the NTPL ID (identifier) if the tool crashes or is terminated using other signals than: SIGINT, SIGTERM, SIGQUIT, or SIGHUP.

Streamid
Since the tool uses the segment interface, it can only capture data from a single host buffer. Streams that span more than one host buffer cannot be used.

For example, using a filter like: assign[streamid=15]=port==0,6 will fail because the ports are on two different adapters, and this will assign a host buffer for each adapter to the streamid. Also assign[streamid=15]=all will fail if there is more than one adapter present. Other filter settings that assign more than one host buffer will also fail.

Streamid and replay

A file captured using a streamid cannot be replayed as captured if the data is captured from multiple ports.

The port used when replaying the file must be a part of the filter setting like:

assign[streamid=1;txport=2]=Layer4Protocol==TCP

The txport=2 used in the assign command causes the adapter to insert the port number into the txport field of the packet descriptor. When replaying this causes all data to be transmitted on port 2, even though the data was captured on other ports. Omitting the txport command in the assign command causes all data to be replayed on port 0.

Limits

The tool runs until interrupted with ctrl-c, or until the amount of captured data exceeds a limit set with the -b and -c options, or after the duration specified with the -t option. If -b, -c, and -t are used together, the tool stops when at least one condition is met.

Note
When using limits and capturing to a file, the resulting capture file may, and generally will, contain slightly more packets than requested.

Examples

  • Capture from port 0
    capture -f file.cap -p 0
  • Capture from ports 0 and 1
    capture -f file.cap -p 0,1
  • Capture from streamid 15
    capture -f file.cap -s 15