ISILON : Comment exécuter tcpdump en mode de conformité sur plusieurs interfaces sur tous les nœuds ?

Summary: Le mode Compliance nécessite de légères modifications des commandes tcpdump habituelles du support.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

  1. Créez un dossier pour enregistrer les captures de paquets. 
    1. mkdir -p /ifs/data/tcpdump/$(date +%F)

# Writes to Isilon_Support are protected, use /ifs/data/tcpdump/ instead.
  2. Démarrez la capture. 
    1. sudo isi_for_array 'for iface in `ifconfig | grep -B3 ether | grep flags | grep -v ISIINTERNAL | cut -d ":" -f1`; do echo `hostname`; sudo tcpdump -i $iface -s1000 -w /ifs/data/tcpdump/$(date +%F)/`hostname`_"$iface"_$(date +%F_%H%M%S).pcap &; done'

# Press Ctrl+C to return to the shell prompt after all tcpdumps have started.
# See the notes for expected output. (There are a number of errors that don't affect the capture)
  3. Vérifiez que la capture est en cours d’exécution. 
    1. sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"
  4. Reproduisez le problème.
  5. Arrêtez la capture et vérifiez qu’elle s’est arrêtée sur tous les nœuds. 
    1. sudo isi_for_array "sudo killall tcpdump"
sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"

# See notes for expected output
  6. Téléchargez les captures avec un jeu de journaux. 
    1. sudo isi_gather_info -f /ifs/data/tcpdump/$(date +%F)

Additional Information

Lors de l’exécution de la capture, il est possible de voir un certain nombre d’erreurs sur « do » inattendues ; Ceux-ci peuvent être ignorés.
La figure suivante illustre un démarrage de la capture réussi :

Isilon-1% sudo isi_for_array 'for iface in `ifconfig | grep -B3 ether | grep flags | grep -v ISIINTERNAL | cut -d ":" -f1`; do echo `hostname`; sudo tcpdump -i $iface -s1000 -w /ifs/data/tcpdump/$(date +%F)/`hostname`_"$iface"_$(date +%F_%H%M%S).pcap &; done'

Syntax error: "do" unexpected
Syntax error: "do" unexpected
Syntax error: "do" unexpected
Isilon-1: Isilon-1
Isilon-3: Isilon-3
Isilon-1: Isilon-1
Isilon-2: Isilon-2
Isilon-1: tcpdump: WARNING: unable to contact casperd
Isilon-1: tcpdump: WARNING: em2: no IPv4 address assigned
Isilon-1: tcpdump: WARNING: unable to contact casperd
Isilon-1: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1000 bytes
Isilon-1: tcpdump: listening on em2, link-type EN10MB (Ethernet), capture size 1000 bytes
Isilon-3: Isilon-3
Isilon-3: tcpdump: WARNING: em1: no IPv4 address assigned
Isilon-3: tcpdump: WARNING: unable to contact casperd
Isilon-3: tcpdump: WARNING: em2: no IPv4 address assigned
Isilon-3: tcpdump: WARNING: unable to contact casperd
Isilon-3: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1000 bytes
Isilon-3: tcpdump: listening on em2, link-type EN10MB (Ethernet), capture size 1000 bytes
Isilon-2: Isilon-2
Isilon-2: tcpdump: WARNING: em2: no IPv4 address assigned
Isilon-2: tcpdump: WARNING: unable to contact casperd
Isilon-2: tcpdump: WARNING: em1: no IPv4 address assigned
Isilon-2: tcpdump: WARNING: unable to contact casperd
Isilon-2: tcpdump: listening on em2, link-type EN10MB (Ethernet), capture size 1000 bytes
Isilon-2: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1000 bytes

# Pressed Ctrl+C to return to shell
Isilon-1%

When checking running processes, expect to see something like the following:

Isilon-1% sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"
Isilon-3: root      71317   0.0  0.3  90240  6188  -  SN@   3:25PM     0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
Isilon-3: root      71322   0.0  0.3  90240  6188  -  SN@   3:25PM     0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
Isilon-3: root      71323   0.0  0.4  70236  7816  -  SN    3:25PM     0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
Isilon-3: root      71324   0.0  0.4  70236  7820  -  SN    3:25PM     0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
Isilon-1: root      76007   0.0  0.3  89984   6088  -  SN@   3:25PM     0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
Isilon-1: root      76012   0.0  0.3  89984   6088  -  SN@   3:25PM     0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
Isilon-1: root      76013   0.0  0.4  70236   7736  -  SN    3:25PM     0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
Isilon-1: root      76014   0.0  0.4  70236   7736  -  SN    3:25PM     0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
Isilon-2: root      51721   0.0  0.3  90240  6180  -  SN@   3:25PM     0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap
Isilon-2: root      51726   0.0  0.3  90240  6180  -  SN@   3:25PM     0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap
Isilon-2: root      51727   0.0  0.4  70236  7752  -  SN    3:25PM     0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap
Isilon-2: root      51728   0.0  0.4  70236  7752  -  SN    3:25PM     0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap

After killing tcpdump, expect to see the following:

Isilon-1% sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"
Isilon-2 exited with status 1
Isilon-1 exited with status 1
Isilon-3 exited with status 1

Affected Products

Isilon
Article Properties
Article Number: 000019451
Article Type: How To
Last Modified: 22 May 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.