Packet Trace Local

Packet Trace Local enables the Oracle® Enterprise Session Border Controller to capture traffic between two endpoints, or between itself and a specific endpoint. To accomplish this, the Oracle® Enterprise Session Border Controller replicates the packets sent and received and saves them to disk in .PCAP format.

The default packet trace filter uses the specified interface to capture both ingress and egress traffic. The command syntax differs based on platform. To specify captured traffic, the user can append the command with a PCAP filter enclosed in quotes. PCAP filter syntax is widely published.

While capturing, the system displays the number of packets it has captured and prevents the user from entering any other ACLI commands from that session. On DPDK systems, you stop captures using the command line syntax with the stop argument. On all other platforms, you terminate the capture by pressing Ctrl+C.

By default, the system saves the .PCAP file in /opt/traces, naming it with the applicable interface name as well as the date and time of the capture. Alternatively, the user can specify file name using the system supports the PCAP filter flags -w.

The system rotates the PCAPs created in this directory by size. The last 25 files are kept and are rotated when they reach 100 MB. If there are capture files in the /opt/traces directory when this command is run, the system prompts the user to remove them before running new captures. If preferred, the user can decline this file deletion.

Local packet capture is dependent on access control configuration, not capturing any denied traffic.

Note:

Although local packet trace captures and re-assembles fragmented packets, it does not recognize and show fragmentation within the context of the capture.