FMADIO100G Gen2
Home

Download

Various settings related to downloading PCAP.

API Version 1 Enable

Depending on the packet capture system the Download interface may be in Legacy mode. This modes functionality is limited in the range of API calls, specifically /api/* calls can not be used

To enable API Version 1, edit the configuration file

/opt/fmadio/etc/time.lua

Find the section ["PCAP"] example as below

["PCAP"] =
{
    ["TimeStampMode"]       = "nic",
    ["TimeResolution"]      = "nsec",
    ["TimeSortDepth"]       = 256,
    ["Decap"]               = false,
    ["Slice"]               = 0,
    ["DownloadIdleTimeout"] = 30000000000,
    ["DownloadAPI"]         = "legacy",
    ["FShark"]              = true,
},

Please change ["DownloadAPI"]= "legacy" to "v1" as below. If theres no entry, create the entry.

["DownloadAPI"]         = "v1",

It requires a browser refresh for the setting to become active.

Time Stamp Selection

FMADIO Devices use our internal FPGA NIC card for hardware timestamping on all packets. This may not be sufficient for some customers as Tap/Aggregation layers add additional non-deterministic latency due to egress port buffering.

FMADIO Packet Capture has the option to use Packet Brokers and Switch's metadata either in headers or footers. This allows ingress timestamping at the Tap/Agg layer plus gives additional port visibility and filtering capabilities.

By default FMADIO uses our internal hardware timestamps when downloading PCAPs. We support the following formats

  • FMADIO Capture Card (Default)

  • Cisco ERSPAN v3

  • Arista 7130(Metamako)

  • Arista 7150 (Overwrite mode)

  • Arista 7150 (Insert Mode)

Use the Config page on the FMADIO Capture system to select as follows

NOTE: This can be done retro-actively. e.g. Downloaded PCAPs are generated based on the timestamp selection mode. This setting does not effect the raw captured data.

Packet De-encapsulation

FMADIO System can de-encapsulate various formats both in PacketScope, Search and via the API. Please contact support if you require an additional format.

De-encapsulation means the system will strip away the encapsulation, and BPF filters are run on the inner most packet.

Supported De-Encapsulation

  • VLAN Single Tag

  • VLAN Double Tag Old style (Ether Proto 0x9100)

  • VLAN Double Tag Old style (Ether Proto 0x9200)

  • VLAN Double Tag QinQ (Ether Proto 0x88a8)

  • VNTag Cisco (Ether Proto 0x8926)

  • VXLAN (Tunnel over UDP)

  • MPLS Single

  • MPLS Double

  • MPLS Triple

  • Cisco ERSPAN v1

  • Cisco ERSPAN v2 (Over GRE tunnel)

  • Cisco ERSPAN v3 (Over GRE tunnel)

  • CAPWAP (Wireless Encapsulation over UDP)

  • Arista 7150 (Insert Mode)

  • Arista 7150 (Overwrite Mode)

  • Arista 7130 (Metamako)

  • Ixia xStream

  • Exablaze Footer

PacketScope De-encasulation

By default PacketScope enables the de-encapsulation shown below as the checkbox enabled. To disable de-encapsulation uncheck the checkbox and re-run the filters.

PreviousCaptureNextUser

Last updated