How to capture packets for a specific port number via CLI on the USG FLEX H model?

Zyxel_Jeff

Question :

How to capture packets for a specific port number via CLI on the USG FLEX H model?

Answer :

The user can use the CLI command traffic-capture interface <interface-name> filter 'port <number>' to capture packets for a specific port number.

For instance, the user can use the CLI command show interface to list the current interfaces, and then use traffic-capture ge1 filter 'port 443' to capture packets with port 443 on the ge1 interface.

usgflex200h> show interface 

No.Name Status    Ip Address   IP Assignment Interface Type  ====

1  ge1            UP        10.214.48.46/24      DHCP client    ethernet        

2  ge2           UP        10.214.48.52/24     DHCP client    ethernet        

3  ge3           UP        192.168.168.1/24       Static         ethernet        

4  ge4           DOWN     192.168.169.1/24   Static         ethernet        

====

usgflex200h> cmd traffic-capture ge1 filter 'port 443'
tcpdump2: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge1, link-type EN10MB (Ethernet), capture size 262144 bytes
18:00:31.626678 d2:ec:32:78:a1:18 > d8:ec:e5:5c:0e:64, ethertype IPv4 (0x0800), length 60: 52.123.128.14.443 > 10.214.48.46.47013: Flags [.], ack 4134990991, win 16385, length 0
18:00:31.627661 d8:ec:e5:5c:0e:64 > d2:ec:32:78:a1:18, ethertype IPv4 (0x0800), length 1494: 10.214.48.46.47013 > 52.123.128.14.443: Flags [.], seq 1:1441, ack 0, win 1029, length 1440
18:00:31.627734 d8:ec:e5:5c:0e:64 > d2:ec:32:78:a1:18, ethertype IPv4 (0x0800), length 1494: 10.214.48.46.47013 > 52.123.128.14.443: Flags [.], seq 1441:2881, ack 0, win 1029, length 1440
18:00:31.627748 d8:ec:e5:5c:0e:64 > d2:ec:32:78:a1:18, ethertype IPv4 (0x0800), length 513: 10.214.48.46.