Procedure
Here are the detailed steps to install the tcpdump and libpcap files offline to perform packet capture in an appliance running Photon OS:
- Download the tcpdump and libpcap RPM files to your local system by using the links below:
- https://packages.vmware.com/photon/3.0/photon_release_3.0_x86_64/x86_64/tcpdump-4.9.2-1.ph3.x86_64.rpm
- https://packages.vmware.com/photon/3.0/photon_release_3.0_x86_64/x86_64/libpcap-1.9.0-2.ph3.x86_64.rpm
- Use WinSCP or any other file transfer tool to copy both files to the /tmp directory on the target machine, logging in as root.
- Open an SSH session to the appliance and log in as root.
- Switch to the /tmp directory and confirm that both files are present.
cd /tmp
- Remove the photon_vasecurity package, which must be removed before tcpdump can be installed, and then install libpcap and tcpdump. Run the following commands in the order they are given:
tdnf remove photon_vasecurity
rpm -ivh libpcap*.rpm
rpm -ivh tcpdump*.rpm
- After manually installing the libpcap and tcpdump packages, start the packet capture. The capture runs for a while and generates a file with the .pcap extension:
tcpdump -i eth0 -w <file_name>.pcap
- Open the .pcap file in Wireshark or any other network analyzer tool to read its contents.
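
A pre-flight check for the installation step above, as an added example that is not part of the original procedure: it confirms that exactly one libpcap and one tcpdump RPM are in /tmp (the libpcap*.rpm glob installs every file it matches) and verifies both packages with rpm -K before anything is installed. The function names are hypothetical, and it assumes the appliance's RPM keyring holds the key the packages were signed with.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# find_one_rpm DIR PREFIX
# Prints the single file matching DIR/PREFIX*.rpm and returns 0.
# Returns 1 if there is no match or more than one, because
# "rpm -ivh PREFIX*.rpm" installs every file the glob expands to
# (for example a libpcap-devel RPM left in the same directory).
find_one_rpm() {
    dir=$1
    prefix=$2
    count=0
    found=
    for f in "$dir"/"$prefix"*.rpm; do
        [ -f "$f" ] || continue      # skips the literal pattern when nothing matches
        count=$((count + 1))
        found=$f
    done
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one $prefix RPM in $dir, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# preflight [DIR]
# Locates both packages and checks their digests and signatures.
# A file truncated or altered during transfer fails at rpm -K.
# Assumption: the signing key is already in the appliance's RPM keyring;
# if it is not, "rpm -K --nosignature" checks the digests only.
preflight() {
    dir=${1:-/tmp}
    libpcap_rpm=$(find_one_rpm "$dir" libpcap) || return 1
    tcpdump_rpm=$(find_one_rpm "$dir" tcpdump) || return 1
    rpm -K "$libpcap_rpm" "$tcpdump_rpm" || return 1
    echo "verified: $libpcap_rpm"
    echo "verified: $tcpdump_rpm"
}

# Run the check only when asked to, e.g.: sh preflight.sh --check /tmp
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-/tmp}"
fi
```

Run it on the appliance after copying the files and before the tdnf remove and rpm -ivh commands; a non-zero exit status means the files in /tmp should be checked again before installing.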