Use Packet Monitor to capture packet (For Vigor3900/2960)

Capturing packets is always a useful way to help network administrators troubleshoot a network problem. We already have the Switch Port Mirror feature that can copy the packets and then send them to a mirroring port, but it requires an additional computer on the mirroring port for capturing packets. Packet Monitor is the feature that allows the administrator to do the packet capture on Vigor3900 itself easily. Below are the steps for using Packet Monitor:

1. Go to Diagnostics >> Data Flow Monitor >> Packet Monitor,

1. Select Packet count, which is the packet numbers that Vigor3900 will capture
2. Select the Interface from which packets will be captured
3. Enter a Host IP to capture packets by filtering the specified host IP
4. Enter a Port number to capture packets by filtering the specified port

2. Click Start to capture packets.

3. We can click Stop to finish capturing or wait for Vigor3900 to stop automatically (it will stop when the captured packets reach the Packet count we selected). After it stopped, Vigor3900 will display the captured packets sort by IP address; however, only packets with TCP and UDP protocol will be displayed here.

4. Click Detail to view the session information.

5. To see the whole packets or packets with other protocols, such as ARP, ICMP, and so on, we may click Download to download the packet file, which is named packet_monitor.pcap, then view it by Wireshark.

NOTE: The captured packets file will be deleted by Vigor automatically after 30 minutes.

6. If Vigor3900's WAN connection cannot dial-up, we can use Packet Monitor to capture packets for figuring out the problem also. For this case, we could do the capture by selecting Interface ALL and do not specify any host or port. Then download the packets and use Wireshark to check the problem.

NOTE: Although Packet Monitor is an easier way to capture packets for analysis, it cannot capture packets that have been accelerated by the coprocessor. Therefore, we will still need to capture packets by the switch mirror port with an additional computer in some cases (See Capture Packets on Router's WA)