tcpdump

This command is supported only on these:

  • ElasticXL Cluster

  • Maestro Security Group

  • Scalable Chassis Security Group

Notes:

  • You must run the "g_tcpdump" command in the Expert mode

  • You must run the "tcpdump" command in Gaia gClish.

Description

This command performs the Multi-Blade Traffic Capture.

It captures and shows traffic that is sent and received by Security Group Members in the Security Group.

These commands are enhancements to the standard tcpdump utility:

Command

Description

tcpdump -mcap

Saves packets from specified Security Group Members to a capture file.

tcpdump -view

Shows packets from the specified capture file, including the Security Group Member ID.

Syntax in the Expert mode

g_tcpdump [-b <SGM IDs>] -mcap -w <Output File> [<tcpdump Options>]

g_tcpdump -view -r <Input File> [<tcpdump Options>]

Syntax in Gaia gClish

tcpdump [-b <SGM IDs>] -mcap -w <Output File> [<tcpdump Options>]

tcpdump -view -r <Input File> [<tcpdump Options>]

Note - To stop the capture and save the data to the capture file, press CTRL+C at the prompt.

Parameters

Parameter

Description

-b <SGM IDs>

Applies to Security Group Members as specified by the <SGM IDs>.

<SGM IDs> can be:

  • No <SGM IDs> specified, or all

    Applies to all Security Group Members and all Sites

  • One Security Group Member (for example, 1_1)

  • A comma-separated list of Security Group Members (for example, 1_1,1_4)

  • A range of Security Group Members (for example, 1_1-1_4)

  • One Site (chassis1, or chassis2)

  • The Active Site (chassis_active)

-w <Output File>

Saves the captured packets at the specified path in a file with the specified the name.

This output file contains captured packets from all specified Security Group Members.

In the same directory, the command saves additional output files for each Security Group Member.

The names of these additional files are: <SGM ID>_<Specified Name of Output File>

Example:

  • The specified full path is:

    /tmp/capture.cap

  • The additional capture files are:

    /tmp/1_1_capture.cap

    /tmp/1_2_capture.cap

    /tmp/1_3_capture.cap

    and so on

-r <Input File>

Reads the captured packets (in the tcpdump format) from the specified path from a file with the specified the name.

<tcpdump Options>

Standard tcpdump parameters.

See the tcpdump manual page - https://linux.die.net/man/8/tcpdump.

Examples

[Expert@SG-s01-01:0]# gclish

[Global] SG-s01-01 > tcpdump -mcap -w /tmp/capture.cap

Capturing packets...

Write "stop" and press enter to stop the packets capture process.

1_01:

tcpdump: listening on eth1-Mgmt4, link-type EN10MB (Ethernet), capture size 96 bytes

 

Clarification about this output:
At this moment, an administrator pressed the CTRL+C keys

 

stop

Received user request to stop the packets capture process.

 

Copying captured packets from all SGMs...

Merging captured packets from SGMs to /tmp/capture.cap...

Done.

[Global] SG-s01-01>

[Expert@SG-s01-01:0]# gclish

[Global] SG-s01-01 > tcpdump -b 1_1,1_3,2_1 -mcap -w /tmp/capture.cap -nnni eth1-Mgmt4

... ...

[Global] SG-s01-01 >

[Expert@SG-s01-01:0]# gclish

[Global] SG-s01-01> tcpdump -view -r /tmp/capture.cap

Reading from file /tmp/capture.cap, link-type EN10MB (Ethernet)

[1_3] 14:11:57.971587 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45

[2_3] 14:12:07.625171 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45

[2_3] 14:12:09.974195 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 37

[2_1] 14:12:09.989745 IP 0.0.0.0.cp-cluster > 172.16.6.0.cp-cluster: UDP, length 45

[2_3] 14:12:10.022995 IP 0.0.0.0.cp-cluster > 172.23.9.0.cp-cluster: UDP, length 32

... ...

[Global] SG-s01-01>

Related Commands