Multi-blade capture (tcpdump -mcap -view)
Use this command to see TCP/IP and other packets sent and received by the 61000/41000 Security System. This release includes these 61000/41000 Security System-specific enhancements to the standard tcpdump utility:
- tcpdump -mcap - Gets packets from the specified SGMs and saves them to a capture file.
- tcpdump -view - Shows packets in the specified capture file, including the SGM ID of each captured packet.
Syntax
tcpdump [-b <sgm_ids>] -mcap -w <capture_path> [<tcpdump_ops>]
tcpdump -view -r <capture_path> [<tcpdump_ops>]
Note - To stop the capture and save the data to the capture file, enter stop at the prompt.
| Parameter | Description |
|---|---|
| -b <sgm_ids> | Works with SGMs and/or Chassis as specified by <sgm_ids>. The <sgm_ids> can be: no <sgm_ids> specified or all (shows all SGMs and Chassis); one SGM; a comma-separated list of SGMs (1_1,1_4); a range of SGMs (1_1-1_4); one Chassis (Chassis1 or Chassis2); the active Chassis (chassis_active). |
| -w <capture_path> | Full path of the saved capture file. In addition to the merged capture file, per-SGM capture files are created in the same directory, suffixed by their SGM ID. |
| -r <capture_path> | Full path of the capture file to read. Shows regular tcpdump output, with each line prefixed by the ID of the processing SGM. |
Example - Capture all SGMs
> tcpdump -mcap -w /tmp/capture
Capturing packets…
Write "stop" and press enter to stop the packets capture process.
1_01:
tcpdump: listening on eth1-Mgmt4, link-type EN10MB (Ethernet), capture size 96 bytes
stop
Received user request to stop the packets capture process.
Copying captured packets from all SGMs...
Merging captured packets from SGMs to /tmp/capture...
Done.
Example - Capture packets from specified SGMs and interfaces
> tcpdump -b 1_1,1_3,2_1 -mcap -w /tmp/capture -nnni eth1-Mgmt4
Example - Show captured packets from file
> tcpdump -view -r /tmp/capture
Reading from file /tmp/capture, link-type EN10MB (Ethernet)
[1_3] 14:11:57.971587 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
[2_3] 14:12:07.625171 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
[2_3] 14:12:09.974195 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 37
[2_1] 14:12:09.989745 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
[2_3] 14:12:10.022995 IP 0.0.0.0.cp-cluster > 172.23.9.0.cp-cluster: UDP, length 32