Smarts: How do I execute a packet capture/tcpdump in Linux to troubleshoot Smarts polling or discovery errors?
search cancel

Smarts: How do I execute a packet capture/tcpdump in Linux to troubleshoot Smarts polling or discovery errors?

book

Article ID: 304117

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:


How do I execute a packet capture in Linux to troubleshoot Smarts polling or discovery errors?
How do I generate a tcpdump in Linux to troubleshoot Smarts polling or discovery errors?


Receive Smarts IP/Smarts NPM/Smarts MCAST polling or discovery errors in Linux environment

Environment

VMware Smart Assurance - SMARTS

Resolution

The following are some examples of how to run a tcpdump of a Linux network cap trace that can be used to troubleshoot Smarts IP/Smarts NPM/Smarts MCAST polling or discovery errors.

Executing tcpdump from Smarts server against a problem device
The following shows the command syntax for a basic tcpdump written to a file (-w) called <IP Address>.cap, executed from the Smarts server against a device (host) that has demonstrated a Smarts polling or discovery failure:

tcpdump w x.x.x.x.cap host x.x.x.x
(where x.x.x.x is the IP address of the device)

Other examples
tcpdump  w file.cap (use -i to specify interface, -i eth0 to specify eth0 interface) (-s0 captures full 65535 bytes in packet)

tcpdump -w lsrr-red1229.cap src x.x.x.x or dst x.x.x.x  (capture src (source) and dst (destination) packets from IP address x.x.x.x.

tcpdump -w test.cap src port 39478 or dst port 39478

tcpdump -w test.cap  port 39478    

-s 1500 (capture up to 1500 bytes per packet)

tcpdump s 1500 -w test.cap port 38884 or 52225 (capture 1500 bytes/packet from ports 38884 and 52225)

Reading the packet capture file
To read packet capture files, you can use following command or move pcap to Windows system with the Wireshark app loaded:

tcpdump -nnr test.pcap (read)