This document may not, in whole or part, be: copied; photocopied; reproduced; translated; reduced; or
transferred to any electronic medium or machine-readable form without prior consent in writing from
CACE Technologies, Inc.
Figure 7: The Wireshark Adapters List
Figure 8 – Per-Packet Information Header (PPI)
Figure 9 – PPI Fields
Figure 10. TurboCap API Online Documentation
TurboCap User’s Guide
TurboCap
CACE Technologies’ TurboCap is a feature-rich, dual-port Gigabit Ethernet
packet capture and injection solution with advanced features such as
simultaneous full-rate capture and injection, multiport traffic aggregation,
and a configurable pass-thru mode. Wireshark integration supports packet
capture using TurboCap interfaces and off-line analysis of TurboCap
capture files. A native TurboCap API and a WinPcap API are available
for writing/porting your own Gigabit Ethernet applications. TurboCap
includes a PCI Express, Dual-Port, Gigabit Ethernet Board, the TurboCap
optimized Windows driver, and user-level API interfaces.
PRODUCT FEATURES
Full-Rate Gigabit Ethernet Capture. TurboCap supports simultaneous
full-rate Gigabit capture on both ports with precise timestamps and per-packet
meta information. The TurboCap Windows driver has support for
multiple TurboCap boards.
Board (Port) Aggregation. TurboCap supports full-rate aggregation of
the traffic received on both ports of the same board.
Dual Port Pass-thru Mode. TurboCap supports a full-rate pass-thru
mode in which packets received on each port are injected out the other port
of the same board, similar to a hardware tap.
Aggregating Tap. The combination of Board Aggregation and Pass-thru
Mode provides the functionality of a hardware aggregating tap.
Full-Speed Gigabit Ethernet Injection. TurboCap supports
simultaneous full-rate Gigabit packet injection on both ports. Packets are
transmitted in the order in which they are sent to the driver and with
minimal delay.
Wireshark and WinPcap Compatible. Wireshark can be used to capture
on all of the TurboCap interfaces including the aggregating ports and
capture files obtained using the TurboCap dump-to-disk application can be
opened and analyzed using Wireshark. TurboCap is integrated with
WinPcap and, consequently, supports other open-source applications that
use the WinPcap API, such as Windump and Ntop.
Overview of TurboCap
Terminology
Board: a PCI-Express Intel network card.
Port: one of the two Ethernet connectors on a board. The two ports are called port A and port B.
Packet: a unit of data transmitted or received on the physical Ethernet
cable. A packet is defined as starting from the Ethernet header (the first
field is the MAC destination address) and up to and including the Ethernet
Frame Check Sequence field (FCS).
Overall Description
TurboCap is a solution for packet capture and packet injection that runs on
a standard Windows-based machine. TurboCap includes three main
components, shown in Figure 1:
[Figure 1 - TurboCap Modules. Labels: Wireshark, WinPcap, native application, TurboCap user API (user mode); TurboCap Driver (kernel mode); TurboCap Board with two Gigabit Ethernet ports.]
- A Dual Port Gigabit Ethernet Board, named TurboCap Board.
- A custom Windows driver (TurboCap Driver).
- A user level API (TurboCap user API). The API allows writing
custom sniffing and packet injection tools, as well as using existing
applications based on WinPcap (through a custom modification of the
WinPcap DLLs).
Feature Description
TurboCap supports receiving and transmitting packets from each of the
ports of a board.
In the following paragraphs, in order to distinguish the features typical of
reception from the ones of transmission, we use the terms capture (when
the feature is related to reception) and injection (when the feature is related
to transmission).
When we talk about capture, we mean that TurboCap receives all the
packets from the Ethernet cable attached to a port of the board and
delivers such packets to an application running on top of TurboCap.
When we talk about injection, we mean that TurboCap receives packets
from an application and transmits them on a specific port of the board.
Concurrent capture and injection
TurboCap can:
- Capture and inject concurrently on the same port of a board.
- Capture concurrently on the two ports of a board.
- Inject concurrently on the two ports of a board.
- Perform any combination of the above.
Packet timestamps
Capture
Each received packet is delivered with a timestamp attached to it.
The timestamp corresponds to the moment when the reception of the
packet completed, i.e. when the last byte of the packet was received.
The timestamp is represented as a 64-bit unsigned integer value,
representing the number of nanoseconds since midnight Coordinated
Universal Time (UTC), January 1, 1970.
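Handling these timestamps in analysis tooling, as an added example that is not part of the original guide or of the TurboCap API: it splits the 64-bit nanosecond value with integer math, shows how much precision a floating-point conversion loses, and backs out when a frame's first byte arrived from its end-of-reception timestamp. The function names and sample values are hypothetical, the 8 ns per byte figure assumes the port is linked at 1 Gbit/s, and a value of 0 is treated as "no timestamp".

```python
from datetime import datetime, timezone

NS_PER_SEC = 1_000_000_000
NS_PER_BYTE = 8  # assumption: link negotiated at 1 Gbit/s (1 bit per ns)

def split_ts(ts_ns):
    """Split a 64-bit ns-since-epoch value into (seconds, nanoseconds).
    Integer math only. Returns None for 0, treated here as "no timestamp"."""
    if not 0 <= ts_ns < 2**64:
        raise ValueError("timestamp is not a 64-bit unsigned value")
    if ts_ns == 0:
        return None
    return divmod(ts_ns, NS_PER_SEC)

def format_utc(ts_ns):
    """Render in UTC with all nine fractional digits (datetime keeps only six)."""
    parts = split_ts(ts_ns)
    if parts is None:
        return "no timestamp"
    sec, nsec = parts
    day = datetime.fromtimestamp(sec, tz=timezone.utc)
    return f"{day:%Y-%m-%dT%H:%M:%S}.{nsec:09d}Z"

def float_error_ns(ts_ns):
    """Nanoseconds lost if the value is passed through a double."""
    return abs(int(float(ts_ns)) - ts_ns)

def first_byte_ns(ts_ns, frame_len):
    """The timestamp marks the last byte received; back out when the first
    byte (MAC destination) arrived. frame_len counts header through FCS."""
    return ts_ns - frame_len * NS_PER_BYTE

def idle_gap_ns(prev_ts_ns, cur_ts_ns, cur_frame_len):
    """Time from the end of one frame to the first byte of the next frame on
    the same port (this interval includes the next frame's preamble)."""
    return first_byte_ns(cur_ts_ns, cur_frame_len) - prev_ts_ns

# Constructed sample value, not taken from a real capture.
SAMPLE_TS = 1_700_000_000_123_456_789

if __name__ == "__main__":
    print(format_utc(SAMPLE_TS))
    print("lost through float:", float_error_ns(SAMPLE_TS), "ns")
    print("first byte of a 1518-byte frame:", first_byte_ns(SAMPLE_TS, 1518))
    print("gap before a 64-byte frame:", idle_gap_ns(SAMPLE_TS, SAMPLE_TS + 1000, 64))
```

Comparing frames by first-byte time rather than by raw timestamp matters when ordering traffic from two ports, because a long frame that started earlier can finish after a short one.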
Three timestamping modes are available:
- OFF: timestamps are not generated and the timestamp field in the
packet meta-information (if available) is set to 0.
- ON (polling mode): timestamps are generated by the TurboCap