How to capture network traffic from Bosh director and move it to your pc.


Article ID: 293837


Products

Operations Manager

Issue/Introduction

How can I view information on the network traffic passing between the Bosh Director VM and any other component, such as the IaaS, and move it to a local computer?

This document explains how to enable packet capture via tcpdump in the Bosh director vm in order to analyze the traffic with tools such as Wireshark.

Although tcpdump is a very flexible utility, the instructions below show a simple tcpdump -w <file_name.pcap> example. You can modify or add filters depending on the test or event to capture; you can learn more about the filters here.


Environment

Product Version: 2.10

Resolution



Step 1) Log in to the Operations Manager GUI as the admin user and collect the following information from the Director tile:

Director IP Address: From the Status tab.
vcap user Password: From the Credentials tab under Vm Credentials option.



Step 2) SSH into the Bosh Director VM with the following command and provide the credentials when requested:


ssh -o StrictHostKeyChecking=no vcap@<bosh director ip>
sudo -i 

*In order to run the dump you have to be root. The kernel will not allow non-super users to put a network interface into promiscuous mode.


Step 3) To avoid filling up a disk, create a separate directory to store the capture, and ensure the tcpdump user has write permissions on that directory. Issue the following commands:
 

mkdir /tmp/captures
chmod 777 /tmp/captures/

cd /



Step 4) It is very important to limit the capture size to avoid exceeding disk space. Start tcpdump with the following command, where -C is the file size and -W is the file count:


tcpdump -C 256 -W 4 -w /tmp/captures/test.pcap

(Press Ctrl+C to stop when needed.)


Step 5) Change the pcap file owner to vcap and log out from the Bosh director vm. 

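# With -W, tcpdump appends an index to the -w name (test.pcap0, test.pcap1, ...), so match all of them.
chown vcap /tmp/captures/test.pcap*
logout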


Step 6) From the local pc run the following scp command:


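# The remote path must be absolute (leading slash); the glob picks up every indexed capture file.
scp -o StrictHostKeyChecking=no vcap@<director_ip>:"/tmp/captures/test.pcap*" .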


Step 7) The file is now on the local PC. If needed, you can SSH back to the Bosh Director (Steps 1 and 2) and run rm /tmp/captures/test.pcap* to remove the capture files once collected, to avoid any future storage or space-related issues.
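
Added example, not part of the original article: a preflight for the Step 4 capture that computes the worst-case disk usage of the -C/-W ring, checks it against the free space of the capture directory, and lists the file names that Steps 5 and 6 have to chown and copy. The function names and the reserve_mb margin are hypothetical; it assumes tcpdump's -C unit of 1,000,000 bytes and the zero-padded index tcpdump appends to the -w name when -W is set.

```shell
#!/bin/sh
# Added example, not from the original article: preflight for the Step 4 ring capture.
# Assumptions: tcpdump -C counts units of 1,000,000 bytes and, with -W, appends a
# zero-padded index to the -w name (test.pcap0 .. test.pcap3 for -W 4).

# Worst-case bytes on disk for -C <size> -W <count>.
ring_bytes() {
    echo $(( $1 * 1000000 * $2 ))
}

# File names written for -w <base> -W <count>, one per line (count >= 2).
ring_files() {
    rf_base=$1; rf_count=$2
    [ "$rf_count" -ge 2 ] || return 1
    rf_last=$((rf_count - 1))
    rf_width=${#rf_last}
    rf_i=0
    while [ "$rf_i" -lt "$rf_count" ]; do
        printf "%s%0${rf_width}d\n" "$rf_base" "$rf_i"
        rf_i=$((rf_i + 1))
    done
}

# True if the full ring plus <reserve_mb> fits into <avail_kb> (1 KiB blocks).
fits_in_kb() {
    fk_need=$(( ( $(ring_bytes "$2" "$3") + ${4:-0} * 1000000 + 1023 ) / 1024 ))
    [ "$1" -ge "$fk_need" ]
}

# Same check against the free space df reports for <dir>.
ring_fits() {
    rfit_avail=$(df -Pk "$1" | awk 'NR==2 {print $4}')
    fits_in_kb "$rfit_avail" "$2" "$3" "${4:-0}"
}

# Print the capture command and the files Steps 5 and 6 must chown and copy.
capture_plan() {
    cp_dir=$(dirname "$1")
    if ! ring_fits "$cp_dir" "$2" "$3" "${4:-0}"; then
        echo "ring does not fit in $cp_dir" >&2
        return 1
    fi
    echo "tcpdump -C $2 -W $3 -w $1"
    ring_files "$1" "$3"
}

# Usage: sh preflight.sh /tmp/captures/test.pcap 256 4 [reserve_mb]
if [ "$#" -ge 3 ]; then capture_plan "$@"; fi
```

For the article's values (-C 256 -W 4) the ring can grow to 1,024,000,000 bytes, so the directory from Step 3 needs at least that much free space before the capture starts.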