How to: Capture traffic on your ByteBlower Port
Posted by Wouter Debie, Last modified by Pieter Vandercammen on 11 May 2020 05:18 PM
When you are testing your device with ByteBlower, you sometimes like to have a pcap-capture of the data for debugging purpose. With the ByteBlower API we can easly capture that network traffic and present it to you as a pcap-file. This feature will help you to debug quickly the problem with your device.
Let me explain how to do this.
Using the ByteBlower GUI
This is the simplest way of capturing traffic. Available since GUI v2.11, and server v2.9. Here you can see how it works :
Using the Remote Capture Tool
This used to be the simplest way of capturing traffic on your port, until we brought the capture functionality to the GUI. You just need to download and execute the tool. It can be used on Windows, Mac and Linux. Follow this link ( https://setup.byteblower.com/software.html#Tools ) to download the tool.
Using the ByteBlower lower-layer API
When you are using our TCL API to transmit your traffic you can use the Rx.Capture of a ByteBlower Port to create a capture. Using our API allows you to automate when to create a capture. Let your script determine when you need to create a capture.
All you need is the Rx.Capture.Add call on your ByteBlower Port.
Just like you add a Trigger to a ByteBlower port you can add a Capture. On this capture-object you can set a capture filter and thus define which frames you would like to see captured. After that just start the capture and you are all set. Now lets put these simple words into a working script.
For this post, we assume we have created a back-to-back scenario with:
Create a capture on the dstPort and configure it
Now you have a capture Object. Using the Tk command you can visualize it to see what you can do with this object.
It is important to set a capture filter on this capture. This will allow you to capture only the packets you are interested in.
The filter must be a BPF filter. On http://biot.com/capstats/bpf.html you can find more info on the syntax of these filters and some day-to-day examples.
Start the capture
You can start the capture now.
Now start your traffic and every frame that matches your filter will be captured. You can see how many frames have been captured with the in the result capture object
Stop the capture and get the PCAP-file
Like the start-method there is a stop method the capturing.
To retrieve your pcap-file use the Pcap.Save method.
On your disk you will find DeviceX.pcap containing the packets that matched your filter that arrived on your ByteBlower destination port (destPort). If you want, you can use Frames.Get to retrieve a TCL-list containing the packets represented in hex-encoding. This way you could use TCL to parse your retrieved packets...
You can find the api documentation of the RxCapture here: https://api.byteblower.com/tcl/classRx_8Capture_8RawPacket.html