Capturing a network trace to a file using the tcpdump-uw command fails when the verbose option is enabled
search cancel

Capturing a network trace to a file using the tcpdump-uw command fails when the verbose option is enabled

book

Article ID: 328512

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Symptoms:
When running ESXi 5.x, and capturing a network trace using the tcpdump-uw command, you experience these symptoms:
  • Running the tcpdump-uw command with both the verbose (-v) and write to a pcap file (-w) options enabled fails to complete and exits
  • Running a tcpdump-uw -v -w command returns this output:

    tcpdump-uw: pcap_loop: recvfrom: Interrupted system call


Cause

When running tcpdump-uw with the -w option, to capture the output in a pcap file, and also using the verbose output (-v) option, a SIGALRM is explicitly raised every second and that alarm is associated with a signal handler that prints the number of packets captured. This SIGALRM signal interferes with the poll that is monitoring pcap_read_packet() and this causes the tcpdump-uw process to exit and stop writing to the pcap file.

Here is an example output:

~ # tcpdump-uw -i vmk0 -v -w /tmp/file.pcap
tcpdump-uw: listening on vmk0, link-type EN10MB (Ethernet), capture size 96 bytes
tcpdump-uw: pcap_loop: recvfrom: Interrupted system call
8 packets captured
8 packets received by filter
0 packets dropped by kernel

Resolution

This is a known issue affecting ESXi 5.x hosts. Currently, there is no resolution.

To work around the issue, send the output to a pcap file using the tcpdump-uw command without specifying the -v option.


Additional Information

For more information about the tcpdump-uw command, see Capturing a network trace in ESXi using Tech Support Mode or ESXi Shell (1031186).
Capturing a network trace in ESXi using Tech Support Mode or ESXi Shell
tcpdump-uw コマンドを詳細表示オプション (-v) 付きで実行してネットワークトレースのファイルへのキャプチャを行うと失敗する

Powered by Wolken Software