How to capture packets with IBM Proventia IPS
Article ID: 168081
Updated On:
Products
XOS
Issue/Introduction
Obtaining a packet capture on a VAP running Proventia Network IPS requires you to run a non-default tcpdump.The customer needs to perform a tcpdump on an ISS VAP but cannot obtain any useful information with the standard tcpdump command.
Cause
The default tcpdump doesn't work for the circuits bridged by the ISS application.
Resolution
Proventia IPS uses a special tcpdump command to capture packets. Use the following procedure to capture the necessary information.
1). RSH to the Proventia VAP group.
2). Use the following tcpdump command to capture packets:
1). RSH to the Proventia VAP group.
2). Use the following tcpdump command to capture packets:
/etc/iss/usr/sbin/tcpdump -i provg_1
This command captures packets for all circuits monitored by the Proventia Network IPS application.
To add this command as an alias in ~/.bash_profile on the VAP:
alias tcpdump='/etc/iss/usr/sbin/tcpdump -i provg_1'
To obtain a packet capture for the management circuit, run the following command:
/usr/sbin/tcpdump -i <management_circuit_device_name>
PS.: Running ISS tcpdump on a production envionment can cause performance degradation.
Workaround
N/AFeedback
Yes
No
Powered by
