How to perform offline network packet capture in Photon OS
search cancel

How to perform offline network packet capture in Photon OS

book

Article ID: 322741

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides steps to install tcpdump and libpcap files offline to perform packet capture from an appliance running Photon OS.

Symptoms:
Perform packet capture in an appliance running Photon OS without internet access.

Environment

VMware vCloud Usage Meter 4.x

Resolution

Procedure

Here are the detailed steps to install tcpdump and libpcap files offline to perform packet capture in an appliance running Photon OS:
  1. Install tcpdump and  libpcap rpm on your local system by using the below links:
    1. https://packages.vmware.com/photon/3.0/photon_release_3.0_x86_64/x86_64/tcpdump-4.9.2-1.ph3.x86_64.rpm
    2. https://packages.vmware.com/photon/3.0/photon_release_3.0_x86_64/x86_64/libpcap-1.9.0-2.ph3.x86_64.rpm
  2. ​​​Use WinSCP or any file transfer tool to copy both files to your desired machine by root login under cd /tmp path.
  3. Take SSH session and log in as root into the appliance.
  4. Switch to the /tmp directory and check whether the files are present or not. 
    cd /tmp
  5. Remove the photon_vasecurity package. It is required that you remove it before installing tcpdump.  To do so, run the following commands in the order they are given:
tdnf remove photon_vasecurity
rpm -ivh libpcap*.rpm
rpm -ivh tcpdump*.rpm
  1. After the manual installation of the libpcap and tcpdump packages, run the packet capture. Initiate packet capture, it will run for a while and a file with .pcap extension will be generated:
tcpdump -i eth0 -w <file_name>.pcap
  1. Run the pcap file in Wireshark or any other network analyzer tool in order to read the content.


Attachments

tcpdump-4.9.2-1.ph3.x86_64 get_app
libpcap-1.9.0-2.ph3.x86_64 get_app
Powered by Wolken Software