About the Port Capture Tab
Click here to see this page in full context

Landslide Performance Test System – Release 24.3 September 2024

About the Port Capture Tab

Use the Port Capture tab in the Test Session window to configure your PCAP Captures from within the test session. WLAN capture configuration is also available to support Wifi.

Port Capture (PCAP) is also supported by :

NOTE: The Port Capture tab is persistent and lists the available ports for PCAP Capture.

PCAP C&I Analysis: Select to have the Test Server (s) collect, integrate and analyze PCAPs, providing a zip file with Wireshark files to show UE contextual information. When enabled, PCAPs cannot be manually started / stopped and stop triggers are disabled.   

Enabling the PCAP C&I Analysis parameter instructs each Test Server to combine locally generated PCAPs (on interfaces where OnStart is selected) with PCAPs from any SUT-Query/Pcap Test Cases. The merged pcaps will be stored in the integrated_pcap.zip file, with date/time/ts-index prefixed by the TAS and displayed on the LandSlide Test Results Page.

NOTE: 

  • Test sessions saved in older releases that are using legacy port capture will now prompt with this message when you attempt to save or run them.

 

Enable IE Validation : Select for Initial support for UI based IE Validation for 4G, 5G Core and Service Based Interfaces. This is a licensed feature.

Associate Captures with Test Session (ACTS) Select to have PCAP Files tied to your test session.
  • Multiple test sessions can capture on the same port and get their own result file.

  • Starting and Stopping the capture only affects the capturing for the specific test.

  • When test completes or just captures are stopped, the result files are associated with and located with test session results.

  • When generating TAC from GUI Client (from Reports Menu bar), you have option to include PCAPs as generic result file.

  • When you have end of test TAC Report generated (from Report Options), it will include PCAPs.

  • Applies to ETH, WLAN, and WWAN/OTA ports.

  • For VisionWorks, ACTS is required for PCAP links to work.

NOTEs:
  • Each file will contain all information from all tests running on that port, during the time that the test is running
  • ath10k WLANs have a limitation. If you let the test completion auto-stop the capture you may not get the full or any PCAP.  These ports require more time to generate the PCAP before the TAS can retrieve and you if have issues you can either manually stop the capture before the test completes, or else do not use ACTS, just use it the old way.  We have put a built-in 5 second delay for ath10k WLANs for now.
  • Kernel Mode (certain vTSs) is not supported and maybe not even be gracefully handled, do not select this option if you have kernel mode vTSs.
  • If you attempt the Start Capture command before the test server is initialized for testing and ready to receive the start capture command, an error will be returned indicating "One or more TSs are not ready to support PCAP capture yet". 
  • Tcl API has optional TEST_SESSION handle and TS_INDEX arguments to indicate ACTS capture.
    • % ls::perform PortCapture $test 0 eth5 Stop

    • % ls::perform PortCapture $test 0 eth5 Retrieve D:/ -confirm

    • 07-10_04.26.36.PM__RID-2__ts0_eth5_capture.pcap

 

Associate Captures with Test Session (ACTS) Result filenames follow the same pattern as per-session results.

The YELLOW files are ACTS results, and the blue outline are the old style, not-associated with test.

ACTS capture file naming pattern: <FILE_START_DATE_TIME>__RID-<RID>__<n>_ts<TS_INDEX>__eth<n>_capture.pcap

PCAP files are generated by ACTS (Associate Captures with Test Session) with the Test Session's start time, so that all result files associated with the Test Session all show up

together. If you start and stop a capture multiple times to cause multiple files for a given port, we use an auto-incrementing extra integer to distinguish them.

If you generate multiple PCAPs during test run, start/stop/start/stop, etc. each file will be added to the results, with a different <FILE_START_DATE_TIME>.

You can have up to 8 separate PCAP files, but when you stop the PCAP the 9th time or later, it will just replace the 8th file over and over.  Thus, you can stop capture 8 times and have 8 separate files. But the 9th time you stop a PCAP, the 8__tsN_tc_port_capture.pcap file is replaced. 10th time you stop, the 8__tsN_tc_port_capture.pcap file is replaced.
Enable IE Validation

Enable IE Validation. Select for Initial support for UI based IE Validation for 4G, 5G Core and Service Based Interfaces. This is a licensed feature.

Available in AMF Nodal, AMF Node, MME Nodal, MME Node, PGW Nodal, PGW Node, Service Based Nodal, Service Based Node, SGW Nodal, SGW Node, SMF Nodal, SMF Node and UPF Nodal, UPF Node.

Additional details in topic IE Validation Tool. For list of messages that are currently supported, please refer to the message table.
Active Available for selection when a test is running. Use this option to Start or Stop Port Capture. You can capture packets for a maximum of 8 ports at a time per test server.
NOTEs:
  • You may Start/Stop pcap at any point and multiple times when the test is running. Port capture is considered On when the Active checkbox is set until the PCAP file is transferred to the TAS. While ON, you cannot start another port capture, errors will occur.
  • If you click to remove selection (un-check) the Capture check boxes corresponding to required port, a Capture File Information dialog displays.
  • The capture file is copied to the Test Results area (See About Test Results).           
OnStart Available for selection when a test is not running. Select OnStart to inform the TAS-TSs to start the Port Capture when the test is started.
NOTEs:
  • When you run a test with OnStart selected, the Active column is automatically selected to indicated the eth port capture has begun.
  • Do Not select "OnStart" for WLANs that are in AP Mode. The "Active" button can be selected once the test goes to RUNNING State.
 
TS, Port, Configuration/Filter TS/Port: Indicates the Test Server and Port for capture. Configuration/Filter: Available for Editing when a test is not running. The Configuration/Filter allows you to set up a filter on various fields of outer IP header.
NOTE: When using Virtual TAS, only configure one ETH port as there is one capture done for entire TS.

Type

Valid options are: continuous, snapshot or circular

  • Select snapshot or circular to indicate captures of a specified number of messages (RAM based PCAP). Up to 2G buffer , an error will occur if the TS does not have enough memory to support the size of buffer.
NOTE: For a RAM based pcap, all messages are kept in memory until the pcap is stopped, either after gathering the number of messages entered or when the test is completed. The contents are then written to the pcap file.  
  • Select continuous to specify file based PCAP.
NOTEs:
  • For a continuous pcap, all messages are captured until the test completes and the messages are written to a file as they are received, that is, they are not held in RAM.
  • Continuous pcap capture is not the best option for high or "bursty" traffic. Select circular instead.  
  • For a continuous pcap, there is no pcap size limit.
  • For a circular capture, the pcap size limit is defined through the GUI. The upper limit is 2000 MB. However, the pcap does not stop once the upper limit is reached, the newest packets will squeeze out the older ones.  
  • The upper limit for snapshot is 1000000 and the pcap will stop once the upper limit is met.
  • The produced capture (.pcap) file is in a compressed format, thus it's disk size may appear smaller than expected.

 

# of Messages

Available if you select Type option as snapshot or circular. It is mandatory to enter the number of messages.
Trim Packets to (bytes

Select Trim Packets to (bytes) to specify how many bytes of each packet to retain in a PCAP, essentially truncating packets to allow more packets to be captured.

Must be greater than or = to zero (0) and less than or equal to 2000.
Use pcap-filter

This option provides a flexible solution for filtering PCAPs.

Select Use pcap-filter - this is the standard tcpdump/libpcap capture filtering syntax. Note this capture filter is incompatible with display filter. This option is only applicable for ETH and WWAN ports.

NOTE: tcpdump requires root privileges to run on Landslide systems.

Reference and examples for the filtering syntax: https://www.tcpdump.org/manpages/pcap-filter.7.html

Click the Validate Syntex button to generate CLI command to validate syntax using tcpdump.

You can copy the sample commands and try to execute them in a shell.
The REFERENCE button will bring you to the syntax reference page on the web.
The Help button will bring you to the Help page for Port Capture.

For example, if you wish to capture only GTP packets over S1-U interface that have inner packets of DNS query and response. Use the following steps:
1.    Run a scaled down, single subscriber test to obtain a sample pcap, if there isn’t one available. If desired, use filter “udp port 2152” for GTP packets. Let’s call this capture file as test.pcap.
2.    Next, enhance the “udp port 2152” filter to only filter out DNS inner packets. DNS are inner UDP packets using source or destination port 53. pcap-filter does not recognize inner GTP tunneled packets, thus you need to use generic offset comparisons. To test , replay test.pcap and try out for the full filter. Command is: tcpdump -r test.pcap 'udp[38:2]==53 || udp[40:2]==53'
3.    You will notice only desired packets show up. So the full pcap-filter should be: udp port 2152 && (udp[38:2]==53 || udp[40:2]==53)

Examples
Bidirectional packets to or from a particular address (if tunneled, outer packet address). - host 1.1.1.1

Unidirectional packets from a particular address or to a particular address  (if tunneled, outer packet address). - src 2000::100:1 || dst 2000::100:200

Bidirectional packets to or from MAC address fa:16:3e:a7:be:01, plus all Ethernet broadcast packets (such as ARP). - ether host fa:16:3e:a7:be:01 || ether dst ff:ff:ff:ff:ff:ff

Bidirectional GTP-u packets with inner packets between 10.8.8.8 and 10.8.9.9. Assuming UDP header is 8 bytes, GTP with sequence number header is 12 bytes. - udp port 2152 && ( (udp[32:4]==0x0a080808 || udp[32:4]==0x0a080909) && (udp[36:4]==0x0a080808 || udp[36:4]==0x0a080909) )

Protocol

Select the ALL or the required protocol from the list.

Filter:

Source IP: Port

Destination IP: Port

Select the required IP Filter and enter the IP address and Port, example, 10.0.0.1:2001.

NOTE: Port number is optional and applies only for TCP, UDP and SCTP protocols, that are port based transport layer.

 

Triggers to Stop Capture

Available when you configure one or more of the eth ports used in the test session to start port capture OnStart.

You may add one or more pass/fail criteria as triggers to stop the port capture.

To add Pass/Fail Criteria as triggers to stop port capture:

  1. Select OnStart for the required eth port, then select the eth port to add Trigger Criteria.
  2. Click to display Pass/Fail Criteria as Triggers to Stop Port Capture window with a list of Pass/Fail Criteria specified in the Test Session.

You may select multiple criteria and click OK to add them to the eth port.

NOTE: Adding the same criterion twice ignores the duplicate addition.

When you run a test with Trigger Criteria, the Active column is automatically selected to indicated the eth port capture has begun, and when the criteria is reached, the capture stops.

In the example below, when the test session reaches Step 4 of automation control, the capture on eth4 is be stopped.

 

NOTE: The triggers are OR-ed, not AND-ed. If any single criterion trigger occurs, the port capture will be stopped.  Once stopped, no other Criteria affects the stopped eth port, even if other criteria occur.

Start/Stop Port Capture

When running a test, you can start and stop the port capture by selecting a Test Server in the Active column.    When you start port capture from the test session, it includes the configuration/filter you set.  

NOTE:

The packet capture function is a tool provided for debugging purposes. It is CPU intensive and is not recommended for use under heavy load.

You can have up to 8 separate PCAP files, but when you stop the pcap the 9th time or later, it will just replace the 8th file over and over.

 

WLAN PCAP Capture Configuration

The Wifi Packet Capture and sniffer capability is controlled by a separate python command line script that will capture all the packets and do necessary post processing. The script is started/stopped via the usual Landslide based capture mechanism. The Capture has two modes, Radiotap (Clients and Capture on the same Wlan) and Sniffer (Separate Wlan dedicated for capture only, NO Clients).

Each mode has its advantages/disadvantages.

MODE

Advantages

Disadvantages
Radiotap

  • No need to know/specify channel and width in advance

  • Usage is most similar to familiar eth capture, i.e. click it & forget it

  • Don’t need to reserve/dedicate separate Wlan just for capture purposes

  • Since the capture is at kernel interface, not a true OTA capture,  some of the 802.11 control packets that are offloaded to the firmware (namely the various acks) will not be captured

  • For captures on an AC card, need to capture as ascii text and then post process each packet before converting to binary format, this has several implications

  • Creates large ascii text files when performing capture without limiting via filtering. These large files can take several minutes to process and will not appear in the TAS results window until post processing is complete. DO NOT RERUN test case until processing is complete otherwise manual intervention may be required to correct
Sniffer

  • Captures true OTA Packets

  • All captures in native binary format thus no post processing necessary

  • Must know the channel and width of client that will be connecting to in advance of running, this may be an issue when trying to connect to Any BSSID.

  • Requires dedicated WLAN for Sniffer capture, (No clients on dedicate WLAN)

 

IMPORTANT: AC Radiotap full capture with NO Filter can create large ascii text files.  These large files can take several minutes to process and will not appear in the TAS results window until post processing is complete. DO NOT RERUN test case until processing is complete otherwise manual intervention (killing python script and deleting old captures) may be required to correct.

**Manual Intervention - If running out of disk space due to large ascii wlan pcap text files - SSH to Test Server and CD to /usr/log and perform an "ls -l wlan*", if large files are found:

1. Perform a "ps aux' to see if any phython scripts, or tcpdump or tshark process are running; and Kill - 9 (to stop phython script, or tcpdump or tshark process).  

2. Delete old Wlan files

 

Click here to learn more about Wireless Sniffer Traces.

NOTE:  For AC card type, Port capture (Active or OnStart) cannot execute when more than 63 UEs are configured. You will receive the following popup error:  

 

 

The Capture has two modes based on whether or not the radio is being used in a UE group. If the radio is not associated with a UE Group, then the capture is in Sniffer mode and you must select a channel (and optional width) to listen on. If the radio is associated with a group, do not select a channel.

The features and capability of the script are shown in the following usage:

Usage: wifiPcap [data] [mgmt] [cntl] [include=<subTypeList>] [exclude=<subTypeList>] [<macAddr>] <interface> [<channel>[:<width>]]

# of Messages Number of Messages in Capture - Default = 100K
NOTE: All existing Type=Continuous configurations will automatically default to a snapshot of 100K messages since Type is no longer supported.
 
Data Packets Capture Only 802.11 data packets
Management Packets Capture Only 802.11 Management packets
Control Packets Capture Only 802.11 Control  packets
Sub-Type Filters Enable to Use the subtype filters - may include or exclude from list.
Include Specify list of 802.11 subtypes to include
Exclude Specify list of 802.11 subtypes to exclude  

SubTypeList

Comma separated list of 802.11 subtypes to include or exclude.

 

Valid Data subtypes : qos-data-cf-ack-poll, qos-data, data-cf-ack-poll, cf-poll, null, qos-data-cf-poll,

    data-cf-poll, data-cf-ack, qos-null, qos-cf-poll, cf-ack, data,

    qos-cf-ack-poll, qos-data-cf-ack, cf-ack-poll

 

Valid Management Subtypes: deauth, probe-req, reassoc-req, auth, reassoc-resp, beacon,

    disassoc, assoc-resp, atim, assoc-req, probe-resp, action

   

 

valid control subtypes are:  cf-end, block-ack-req, block-ack, cts, ack, cf-end-ack, rts, ps-poll

 
MAC Address Capture only specified Mac Address packets (send and receive)
Channel Optional channel to capture on. Valid Channels are: 1-11,36,40,44,48,52,56,60,64,149,153,157,161,165
Width Optional channel width - Valid values are 20, 40 and 80. 20 - Corresponds to N Card 2.4GHz, 40 - Corresponds to N Card 5.0GHz, 80 - Corresponds to AC Card.

Learn more about:

© 2024 Spirent Communications Inc. All Rights Reserved.