OS10 Enterprise Edition User Guide Release 10.4.0E(R3)


Packet analysis

Use the Linux tcpdump command to analyze network packets. Use filters to limit packet collection and output. You must be logged into the Linux shell to use this command (see Log into OS10 Device).

Use the tcpdump command without parameters to view packets that flow through all interfaces. To write captured packets to a file, use the -w parameter. To read the captured file offline, you can use open source software packages such as Wireshark.

Capture packets from Ethernet interface

$ tcpdump -i e101-003-0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64
01:39:22.457281 IP 3.3.3.1 > 3.3.3.4: ICMP echo reply, id 5320, seq 26, length 64

Capture two packets from interface

$ tcpdump -c 2 -i e101-003-0
listening on e101-003-0, link-type EN10MB (Ethernet), capture size 96 bytes
01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64
01:39:22.457281 IP 3.3.3.1 > 3.3.3.4: ICMP echo reply, id 5320, seq 26, length 64
2 packets captured
13 packets received by filter
0 packets dropped by kernel

Capture packets and write to file

$ tcpdump -w 06102016.pcap -i e101-003-0
listening on e101-003-0, link-type EN10MB (Ethernet), capture size 96 bytes
32 packets captured
32 packets received by filter
0 packets dropped by kernel
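
Capture with a filter and a packet limit

The guide recommends filters to limit collection but shows none, so the following is an added example, not part of the OS10 guide: a shell wrapper that only starts a capture when it has a packet count and a filter expression, and writes the file with owner-only permissions. The function names, the DRY_RUN switch and the sample filter are assumptions for illustration; -i, -c, -w and the filter syntax are standard tcpdump.

```shell
#!/bin/sh
# Added example, not from the OS10 guide. Function names and the sample
# filter are assumptions; -i, -c, -w and the filter syntax are standard tcpdump.

# valid_iface NAME: allow only characters found in names such as e101-003-0.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# bounded_capture IFACE COUNT FILE FILTER...
# Refuses a capture that has no packet limit or no filter expression.
# With DRY_RUN=1 it prints the command instead of running it.
bounded_capture() {
    if [ "$#" -lt 4 ]; then
        echo "usage: bounded_capture IFACE COUNT FILE FILTER..." >&2
        return 2
    fi
    iface=$1; count=$2; outfile=$3
    shift 3
    if ! valid_iface "$iface"; then
        echo "invalid interface name: $iface" >&2
        return 2
    fi
    case "$count" in
        ''|*[!0-9]*|0*) echo "COUNT must be a positive integer" >&2; return 2 ;;
    esac
    if [ -e "$outfile" ]; then
        echo "refusing to overwrite existing file: $outfile" >&2
        return 2
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "tcpdump -i $iface -c $count -w $outfile $*"
        return 0
    fi
    # A capture file holds raw traffic, so create it readable by its owner only.
    ( umask 077 && tcpdump -i "$iface" -c "$count" -w "$outfile" "$@" )
}

# Constructed sample call: at most 100 ICMP packets to or from 3.3.3.4.
( DRY_RUN=1; bounded_capture e101-003-0 100 icmp-sample.pcap icmp and host 3.3.3.4 )
```

Read the resulting file back with tcpdump -r, or copy it off the switch and open it in Wireshark.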
                              
