// Module included in the following assemblies: // * observability/network_observability/netobserv-cli-reference.adoc :_mod-docs-content-type: REFERENCE [id="network-observability-netobserv-cli-reference_{context}"] = oc netobserv CLI reference The Network Observability CLI (`oc netobserv`) is a CLI tool for capturing flow data and packet data for further analysis. .`oc netobserv` syntax [source,terminal] ---- $ oc netobserv [] [] [] <1> ---- <1> Feature options can only be used with the `oc netobserv flows` command. They cannot be used with the `oc netobserv packets` command. [cols="3a,8a",options="header"] .Basic commands |=== |Command| Description | `flows` | Capture flows information. For subcommands, see the "Flow capture subcommands" table. | `packets` | Capture packets from a specific protocol or port pair, such as `netobserv packets --filter=tcp,80`. For more information about packet capture, see the "Packet capture subcommand" table. | `cleanup` | Remove the Network Observability CLI components. | `version` | Print the software version. | `help` | Show help. |=== [id="network-observability-cli-enrichment_{context}"] == Network Observability enrichment The Network Observability enrichment to display zone, node, owner and resource names including optional features about packet drops, DNS latencies and Round-trip time can only be enabled when capturing flows. These do not appear in packet capture pcap output file. .Network Observability enrichment syntax [source,terminal] ---- $ oc netobserv flows [] [] ---- .Network Observability enrichment options |=== |Option| Description| Possible values| Default | `--enable_pktdrop` | Enable packet drop. | `true`, `false` | `false` | `--enable_rtt` | Enable round trip time. | `true`, `false` | `false` | `--enable_dns` | Enable DNS tracking. | `true`, `false` | `false` | `--help` | Show help. | - | - | `--interfaces` | Interfaces to match on the flow. For example, `"eth0,eth1"`. | `""` | - |=== [id="cli-reference-flow-capture-options_{context}"] == Flow capture options Flow capture has mandatory commands as well as additional options, such as enabling extra features about packet drops, DNS latencies, Round-trip time, and filtering. .`oc netobserv flows` syntax [source,terminal] ---- $ oc netobserv flows [] [] ---- .Flow capture filter options |=== |Option| Description| Possible values| Mandatory| Default | `--enable_filter` | Enable flow filter. | `true`, `false` | Yes | `false` | `--action` | Action to apply on the flow. | `Accept`, `Reject` | Yes | `Accept` | `--cidr` | CIDR to match on the flow. | `1.1.1.0/24`, `1::100/64`, or `0.0.0.0/0` | Yes | `0.0.0.0/0` | `--protocol` | Protocol to match on the flow | `TCP`, `UDP`, `SCTP`, `ICMP`, or `ICMPv6` | No | - | `--direction` | Direction to match on the flow | `Ingress`, `Egress` | No | - | `--dport` | Destination port to match on the flow. | `80`, `443`, or `49051` | no | - | `--sport` | Source port to match on the flow. | `80`, `443`, or `49051` | No | - | `--port` | Port to match on the flow. | `80`, `443`, or `49051` | No | - | `--sport_range` | Source port range to match on the flow. | `80-100` or `443-445` | No | - | `--dport_range` | Destination port range to match on the flow. | `80-100` | No | - | `--port_range` | Port range to match on the flow. | `80-100` or `443-445` | No | - | `--icmp_type` | ICMP type to match on the flow. | `8` or `13` | No | - | `--icmp_code` | ICMP code to match on the flow. | `0` or `1` | No | - | `--peer_ip` | Peer IP to match on the flow. | `1.1.1.1` or `1::1` | No | - |=== [id="cli-reference-packet-capture-options_{context}"] == Packet capture options You can filter on port and protocol for packet capture data. .`oc netobserv packets` syntax [source,terminal] ---- $ oc netobserv packets [