
Multi-blade capture (tcpdump -mcap, tcpdump -view)

Use this command to see TCP/IP and other packets sent and received by the 61000/41000 Security System. A standard tcpdump runs on a single Security Gateway Module (SGM) and therefore shows only the packets that SGM processed. This release includes these 61000/41000 Security System-specific enhancements to the standard tcpdump utility:

  • tcpdump -mcap - Captures packets on the specified SGMs and saves them to one merged capture file (plus one file per SGM).
  • tcpdump -view - Shows the packets in the specified capture file, with each packet prefixed by the ID of the SGM that captured it.

Syntax

tcpdump [-b <sgm_ids>] -mcap -w <capture_path> [<tcpdump_ops>]
tcpdump -view -r <capture_path> [<tcpdump_ops>]

Note - To stop the capture and have the per-SGM captures copied and merged into the capture file, type stop and press Enter at the prompt, as the capture process itself instructs (see the first example below); Ctrl-C at the prompt also stops the capture.

Parameters

-b <sgm_ids>

Runs the capture only on the SGMs or Chassis specified by <sgm_ids>. The <sgm_ids> can be:

  • No <sgm_ids> specified, or all: all SGMs on all Chassis
  • One SGM (for example, 1_1)
  • A comma-separated list of SGMs (for example, 1_1,1_4)
  • A range of SGMs (for example, 1_1-1_4)
  • One Chassis (Chassis1 or Chassis2)
  • The active Chassis (chassis_active)

-w <capture_path>

Full path of the merged capture file to write.

In addition to the merged capture file, per-SGM capture files are created in the same directory, suffixed with the SGM ID.

-r <capture_path>

Full path of the capture file to read.

The output is regular tcpdump output, with each packet prefixed by the ID of the SGM that captured it (for example, [1_3]).
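The forms that -b accepts are easy to get wrong when a capture is scripted rather than typed. The following POSIX shell script is an added example, not Check Point code: it checks an <sgm_ids> selector against the forms listed above and composes the tcpdump -mcap command line, printing it instead of running it so it can be tried off the appliance. The SGM ID shape it assumes (<chassis>_<slot>, chassis 1 or 2, one- or two-digit slot) and the function names are assumptions made here; the page does not state the slot range.

```shell
#!/bin/sh
# Added example (not Check Point code): validate the <sgm_ids> selector that
# tcpdump -b accepts and compose a tcpdump -mcap command line from it.
# Assumption: an SGM ID looks like <chassis>_<slot>, chassis 1 or 2, with a
# one- or two-digit slot (1_1, 2_12). The page does not state the slot range.

# sgm_selector_ok SELECTOR
# Returns 0 when SELECTOR is one of the forms listed for -b: "all", one
# Chassis, the active Chassis, one SGM, a comma-separated list or a range.
sgm_selector_ok() {
    sel=$1
    sgm='[12]_[0-9]{1,2}'
    case "$sel" in
        all|chassis_active|Chassis1|Chassis2) return 0 ;;
    esac
    # one SGM, a comma-separated list of SGMs, or a range first-last
    printf '%s\n' "$sel" | grep -Eq "^($sgm(,$sgm)*|$sgm-$sgm)\$"
}

# build_mcap_cmd CAPTURE_PATH SELECTOR [tcpdump options...]
# Prints the command to run. Use "all" as SELECTOR to capture on every SGM
# (no -b is emitted, as in the first example on this page). Any further
# arguments are standard tcpdump options and go after -w <capture_path>,
# matching the Syntax section.
build_mcap_cmd() {
    path=$1
    sel=$2
    shift 2
    if ! sgm_selector_ok "$sel"; then
        echo "build_mcap_cmd: invalid SGM selector '$sel'" >&2
        return 1
    fi
    cmd="tcpdump"
    [ "$sel" != all ] && cmd="$cmd -b $sel"
    cmd="$cmd -mcap -w $path"
    [ $# -gt 0 ] && cmd="$cmd $*"
    printf '%s\n' "$cmd"
}

# Reproduce the two capture examples from this page, then reject a bad selector.
build_mcap_cmd /tmp/capture all
build_mcap_cmd /tmp/capture 1_1,1_3,2_1 -nnni eth1-Mgmt4
build_mcap_cmd /tmp/capture 3_1 || echo "selector rejected as expected"
```

The selector check is deliberately strict: a typo such as a trailing comma is reported before anything is started on the blades, rather than producing a capture from the wrong set of SGMs.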

Example - Capture all SGMs

> tcpdump -mcap -w /tmp/capture
Capturing packets…
Write "stop" and press enter to stop the packets capture process.
1_01:
tcpdump: listening on eth1-Mgmt4, link-type EN10MB (Ethernet), capture size 96 bytes
stop
Received user request to stop the packets capture process.

Copying captured packets from all SGMs...
Merging captured packets from SGMs to /tmp/capture...
Done.

Example - Capture packets from specified SGMs and interfaces

> tcpdump -b 1_1,1_3,2_1 -mcap -w /tmp/capture -nnni eth1-Mgmt4

Example - Show captured packets from file

> tcpdump -view -r /tmp/capture
Reading from file /tmp/capture, link-type EN10MB (Ethernet)
 [1_3] 14:11:57.971587 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
 [2_3] 14:12:07.625171 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
 [2_3] 14:12:09.974195 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 37
 [2_1] 14:12:09.989745 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
 [2_3] 14:12:10.022995 IP 0.0.0.0.cp-cluster > 172.23.9.0.cp-cluster: UDP, length 32
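Because every packet in the view carries its SGM ID, the merged file answers a question a single-SGM capture cannot: which SGMs actually saw the traffic, and whether it was spread across them or concentrated on one. The following shell functions are an added example, not Check Point code; they read tcpdump -view output from standard input and report per-SGM packet counts, or filter the view down to one SGM. The sample input is the view output shown above, embedded so the script runs without an appliance; the function names are invented here.

```shell
#!/bin/sh
# Added example (not Check Point code): post-process tcpdump -view output by
# its [SGM] prefix to see which SGMs captured the traffic.

# Sample -view output, copied from the example on this page and embedded here
# so the script runs without an appliance.
VIEW_SAMPLE='Reading from file /tmp/capture, link-type EN10MB (Ethernet)
 [1_3] 14:11:57.971587 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
 [2_3] 14:12:07.625171 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
 [2_3] 14:12:09.974195 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 37
 [2_1] 14:12:09.989745 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45
 [2_3] 14:12:10.022995 IP 0.0.0.0.cp-cluster > 172.23.9.0.cp-cluster: UDP, length 32'

# packets_per_sgm: reads -view output on stdin and prints one line per SGM:
#   <sgm_id> <packets> <sum of the "length N" values tcpdump printed>
# sorted by SGM ID. Lines without an [sgm] prefix (the "Reading from file"
# header) are ignored.
packets_per_sgm() {
    awk '$1 ~ /^\[[0-9]+_[0-9]+\]$/ {
            sgm = substr($1, 2, length($1) - 2)   # strip the [ ]
            pkts[sgm]++
            if ($(NF - 1) == "length") len[sgm] += $NF
        }
        END { for (s in pkts) printf "%s %d %d\n", s, pkts[s], len[s] }' | sort
}

# sgm_lines SGM_ID: keeps only the packets captured by one SGM, e.g. sgm_lines 2_3
sgm_lines() {
    grep -F -- "[$1] "
}

# sgm_count: number of distinct SGMs that captured at least one packet
sgm_count() {
    packets_per_sgm | grep -c .
}

printf '%s\n' "$VIEW_SAMPLE" | packets_per_sgm
printf '%s\n' "$VIEW_SAMPLE" | sgm_lines 2_3
```

On the appliance the same functions take the live view: tcpdump -view -r /tmp/capture | packets_per_sgm. For the sample above, 2_3 captured three of the five packets and 1_3 and 2_1 one each, which is the kind of skew worth checking before concluding from a single SGM's capture that traffic is absent.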
©2014 Check Point Software Technologies Ltd. All rights reserved.