How to capture packets with IBM Proventia IPS

Article Id: 168081

Status: Published

Updated On: 13-05-2017 11:19

Legacy Id: TECH244522

Products:

XOS

Issue/Introduction:

Obtaining a packet capture on a VAP running Proventia Network IPS requires you to run a non-default tcpdump.The customer needs to perform a tcpdump on an ISS VAP but cannot obtain any useful information with the standard tcpdump command.

Cause:

The default tcpdump doesn't work for the circuits bridged by the ISS application.

Resolution:

Proventia IPS uses a special tcpdump command to capture packets. Use the following procedure to capture the necessary information.

1). RSH to the Proventia VAP group.
2). Use the following tcpdump command to capture packets:

/etc/iss/usr/sbin/tcpdump -i provg_1

This command captures packets for all circuits monitored by the Proventia Network IPS application.

To add this command as an alias in ~/.bash_profile on the VAP:

alias tcpdump='/etc/iss/usr/sbin/tcpdump -i provg_1'

To obtain a packet capture for the management circuit, run the following command:

/usr/sbin/tcpdump -i <management_circuit_device_name>

PS.: Running ISS tcpdump on a production envionment can cause performance degradation.

Workaround

N/A