Obtain a packet capture from a Linux device


A packet capture must be obtained directly from a Linux device for technical review.

Product Line

Pelco Cameras, Pelco Video Management


  • Sarix platform cameras
  • Endura Linux devices


Information to assist users in obtaining a network packet capture from a Linux device for review.



  • Putty.exe and Pscp.exe must be installed on the Windows PC from which this procedure will be run. The complete PuTTY package that includes these files is available as a Windows installer package from putty.org .
  • SSH must be enabled on the Sarix camera or Endura device. By default all Endura devices have SSH enable. To enable SSH on a Sarix camera access the Web UI of the camera and select Network -> SSH.
  • Tcpdump must be installed on the appropriate Linux device(s). See Lessons Learned Article #10744 on installing tcpdump on a Pelco Linux device.


  1. Start Windows Command Prompt and type putty [deviceIP] 

    Example: putty
  2. Another window will open at this time. When prompted for a username and password the username is root and the default password is pel2899100 for Endura devices or the password that has been specified for the Sarix camera.
  3. Type cd /root to ensure that we are in the root directory.
  4. Type tcpdump -s0 -w capture.pcap to begin the packet capture.

·         -s0 captures the entire packet (default is 96 bytes which typically isn't large enough for a SOAP message)

·         -w capture.pcap writes the output to capture.pcap in a format suitable for examination with Wireshark.


  1. Press ctrl+c to stop the packet capture.

              Important Note: Video packet captures can get large quickly and take up a large amount of space on limited devices such as cameras. It is not recommended that a capture run for more than a few minutes at a time when capturing directly to a camera.

  1. Start Windows Command Prompt and type pscp –scp root@[deviceIP]:[file location] [local destination] to transfer the file to the local Windows PC.

             Example: pscp root@ C:Files

  1. After the packet captures have been transferred off the Linux device, delete the packet captures by typing rm –f /root/*.pcap from the Linux command prompt.  This will delete all pcap files from the root directory.