xref: /dpdk/doc/guides/tools/dumpcap.rst (revision 29f3465c8a73b9b93aaeb68a32719f292bf06e06) 
1cbb44143SStephen Hemminger..  SPDX-License-Identifier: BSD-3-Clause
2cbb44143SStephen Hemminger    Copyright(c) 2020 Microsoft Corporation.
3cbb44143SStephen Hemminger
4cbb44143SStephen Hemmingerdpdk-dumpcap Application
5cbb44143SStephen Hemminger========================
6cbb44143SStephen Hemminger
7cbb44143SStephen HemmingerThe ``dpdk-dumpcap`` tool is a Data Plane Development Kit (DPDK)
8cbb44143SStephen Hemmingernetwork traffic dump tool.
9cbb44143SStephen HemmingerThe interface is similar to the dumpcap tool in Wireshark.
10cbb44143SStephen HemmingerIt runs as a secondary DPDK process and lets you capture packets
11cbb44143SStephen Hemmingerthat are coming into and out of a DPDK primary process.
12cbb44143SStephen HemmingerThe ``dpdk-dumpcap`` writes files in Pcapng packet format.
13cbb44143SStephen Hemminger
14cbb44143SStephen HemmingerWithout any options set, it will use DPDK to capture traffic
15cbb44143SStephen Hemmingerfrom the first available DPDK interface
16cbb44143SStephen Hemmingerand write the received raw packet data,
17cbb44143SStephen Hemmingeralong with timestamps into a pcapng file.
18cbb44143SStephen Hemminger
19cbb44143SStephen HemmingerIf the ``-w`` option is not specified, ``dpdk-dumpcap`` writes
20cbb44143SStephen Hemmingerto a newly created file with a name chosen
21cbb44143SStephen Hemmingerbased on interface name and timestamp.
22cbb44143SStephen HemmingerIf ``-w`` option is specified, then that file is used.
23cbb44143SStephen Hemminger
24cbb44143SStephen Hemminger.. note::
25cbb44143SStephen Hemminger
26cbb44143SStephen Hemminger   * The ``dpdk-dumpcap`` tool can only be used in conjunction with a primary
27cbb44143SStephen Hemminger     application which has the packet capture framework initialized already.
28cbb44143SStephen Hemminger     In DPDK, only the ``dpdk-testpmd`` is modified to initialize
29cbb44143SStephen Hemminger     packet capture framework, other applications remain untouched.
30cbb44143SStephen Hemminger     So, if the ``dpdk-dumpcap`` tool has to be used with any application
31cbb44143SStephen Hemminger     other than the ``dpdk-testpmd``, user needs to explicitly modify
32cbb44143SStephen Hemminger     that application to call packet capture framework initialization code.
33cbb44143SStephen Hemminger     Refer ``app/test-pmd/testpmd.c`` code to see how this is done.
34cbb44143SStephen Hemminger
35cbb44143SStephen Hemminger   * The ``dpdk-dumpcap`` tool runs as a DPDK secondary process.
36cbb44143SStephen Hemminger     It exits when the primary application exits.
37cbb44143SStephen Hemminger
38cbb44143SStephen Hemminger
39cbb44143SStephen HemmingerRunning the Application
40cbb44143SStephen Hemminger-----------------------
41cbb44143SStephen Hemminger
42cbb44143SStephen HemmingerTo list interfaces available for capture, use ``--list-interfaces``.
43cbb44143SStephen Hemminger
44cbb44143SStephen HemmingerTo filter packets in style of *tshark*, use the ``-f`` flag.
45cbb44143SStephen Hemminger
46*29f3465cSBen MagistroTo capture on multiple interfaces at once, use multiple ``-i`` flags.
47cbb44143SStephen Hemminger
48cbb44143SStephen Hemminger
49cbb44143SStephen HemmingerExample
50cbb44143SStephen Hemminger-------
51cbb44143SStephen Hemminger
52cbb44143SStephen Hemminger.. code-block:: console
53cbb44143SStephen Hemminger
54cbb44143SStephen Hemminger   # <build_dir>/app/dpdk-dumpcap --list-interfaces
55cbb44143SStephen Hemminger   0. 000:00:03.0
56cbb44143SStephen Hemminger   1. 000:00:03.1
57cbb44143SStephen Hemminger
58*29f3465cSBen Magistro   # <build_dir>/app/dpdk-dumpcap -i 0000:00:03.0 -c 6 -w /tmp/sample.pcapng
59cbb44143SStephen Hemminger   Packets captured: 6
60cbb44143SStephen Hemminger   Packets received/dropped on interface '0000:00:03.0' 6/0
61cbb44143SStephen Hemminger
62cbb44143SStephen Hemminger   # <build_dir>/app/dpdk-dumpcap -f 'tcp port 80'
63cbb44143SStephen Hemminger   Packets captured: 6
64cbb44143SStephen Hemminger   Packets received/dropped on interface '0000:00:03.0' 10/8
65cbb44143SStephen Hemminger
66cbb44143SStephen Hemminger
67cbb44143SStephen HemmingerLimitations
68cbb44143SStephen Hemminger-----------
69cbb44143SStephen Hemminger
70cbb44143SStephen HemmingerThe following option of Wireshark ``dumpcap`` is not yet implemented:
71cbb44143SStephen Hemminger
72cbb44143SStephen Hemminger   * ``-b|--ring-buffer`` -- more complex file management.
73cbb44143SStephen Hemminger
74cbb44143SStephen HemmingerThe following options do not make sense in the context of DPDK.
75cbb44143SStephen Hemminger
76cbb44143SStephen Hemminger   * ``-C <byte_limit>`` -- it's a kernel thing.
77cbb44143SStephen Hemminger
78cbb44143SStephen Hemminger   * ``-t`` -- use a thread per interface.
79cbb44143SStephen Hemminger
80cbb44143SStephen Hemminger   * Timestamp type.
81cbb44143SStephen Hemminger
82cbb44143SStephen Hemminger   * Link data types. Only EN10MB (Ethernet) is supported.
83cbb44143SStephen Hemminger
84cbb44143SStephen Hemminger   * Wireless related options: ``-I|--monitor-mode`` and  ``-k <freq>``
85cbb44143SStephen Hemminger
86cbb44143SStephen Hemminger
87cbb44143SStephen Hemminger.. note::
88cbb44143SStephen Hemminger
89cbb44143SStephen Hemminger   * The options to ``dpdk-dumpcap`` are like the Wireshark dumpcap program
90cbb44143SStephen Hemminger     and are not the same as ``dpdk-pdump`` and other DPDK applications.
91