Proventia IPS uses a special tcpdump command to capture packets. Use the following procedure to capture the necessary information.
1). RSH to the Proventia VAP group.
2). Use the following tcpdump command to capture packets:
/etc/iss/usr/sbin/tcpdump -i provg_1
This command captures packets for all circuits monitored by the Proventia Network IPS application.
To add this command as an alias in ~/.bash_profile on the VAP:
alias tcpdump='/etc/iss/usr/sbin/tcpdump -i provg_1'
To obtain a packet capture for the management circuit, run the following command:
/usr/sbin/tcpdump -i <management_circuit_device_name>
PS.: Running ISS tcpdump on a production envionment can cause performance degradation.