How to capture packets with IBM Proventia IPS


Article ID: 168081


Products

XOS

Issue/Introduction

Obtaining a packet capture on a VAP running Proventia Network IPS requires you to run a non-default tcpdump. The customer needs to perform a tcpdump on an ISS VAP but cannot obtain any useful information with the standard tcpdump command.

Cause

The default tcpdump doesn't work for the circuits bridged by the ISS application. 

Resolution

Proventia IPS uses a special tcpdump command to capture packets. Use the following procedure to capture the necessary information.

1. RSH to the Proventia VAP group.
2. Use the following tcpdump command to capture packets:
 

/etc/iss/usr/sbin/tcpdump -i provg_1

 
This command captures packets for all circuits monitored by the Proventia Network IPS application.
 
To add this command as an alias in ~/.bash_profile on the VAP:
 

alias tcpdump='/etc/iss/usr/sbin/tcpdump -i provg_1'

 

To obtain a packet capture for the management circuit, run the following command:
 

/usr/sbin/tcpdump -i <management_circuit_device_name>

Note: Running the ISS tcpdump in a production environment can cause performance degradation.
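
The two capture commands above, wrapped as an added shell example that is not part of the original article: it picks the ISS or the default tcpdump by interface and stops after a fixed packet count, which limits the time the ISS tcpdump runs on a production VAP. The function names and the 1000-packet default are assumptions, as is the ISS build accepting the standard tcpdump -c and -w options.

```shell
#!/bin/sh
# Added example, not from the article. The two binary paths and provg_1 are
# the article's; function names and the 1000-packet default are assumptions,
# as is the ISS build accepting the standard -c and -w options.

ISS_TCPDUMP=/etc/iss/usr/sbin/tcpdump   # for circuits bridged by the IPS
STD_TCPDUMP=/usr/sbin/tcpdump           # for the management circuit

# Print the tcpdump binary that can see traffic on the given interface.
pick_tcpdump() {
    if [ "$1" = "provg_1" ]; then
        printf '%s\n' "$ISS_TCPDUMP"
    else
        printf '%s\n' "$STD_TCPDUMP"
    fi
}

# Succeed only for a positive decimal packet count.
valid_count() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Print the command that capture() would run (dry run).
# usage: capture_cmd <interface> [packet_count] [pcap_file]
capture_cmd() {
    if [ -z "$1" ] || ! valid_count "${2:-1000}"; then
        echo "usage: capture_cmd <interface> [packet_count] [pcap_file]" >&2
        return 2
    fi
    printf '%s -i %s -c %s%s\n' "$(pick_tcpdump "$1")" "$1" "${2:-1000}" "${3:+ -w $3}"
}

# Run the bounded capture; tcpdump exits by itself after packet_count packets.
capture() {
    capture_cmd "$@" >/dev/null || return 2
    "$(pick_tcpdump "$1")" -i "$1" -c "${2:-1000}" ${3:+-w "$3"}
}
```

Sourcing this file instead of defining the alias keeps the default tcpdump reachable for the management circuit without typing its full path.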

Workaround

N/A