• How to install TCPDUMP onto a node.

• Installing TCPDUMP package via tdnf install tcpdump fails with error:

  tcpdump package not found or not installed
Error(1011) : No matching packages

• TCPDUMP package is not installed by default due to product security requirements.

• To help with troubleshooting, TCPDUMP package can be temporarily installed.

Pre-requisites:

• Required to have root access on Aria Operations appliance.

• Required to have internet access on the node(s).

Note: Uninstall TCPDUMP after troubleshooting to ensure compliance with security standards and to avoid potential conflicts during system updates.

Confirm the version and release of Photon OS

• Check release:

  cat /etc/vmware/.buildInfo | grep RELEASE

• Check Photon OS Version:

  cat /etc/photon-release

Install the TCPDUMP package

• For Photon 3.0:

wget https://packages.vmware.com/photon/3.0/photon_updates_3.0_x86_64/x86_64/tcpdump-4.99.4-2.ph3.x86_64.rpm -P /tmp
rpm -i --nodeps /tmp/tcpdump-4.99.4-2.ph3.x86_64.rpm
tcpdump --version

• For Photon 4.0:

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/tcpdump-4.99.4-2.ph4.x86_64.rpm -P /tmp
rpm -i --nodeps /tmp/tcpdump-4.99.4-2.ph4.x86_64.rpm
tcpdump --version

• For Photon 5.0:

wget https://packages.vmware.com/photon/5.0/photon_updates_5.0_x86_64/x86_64/tcpdump-4.99.4-3.ph5.x86_64.rpm -P /tmp
rpm -i --nodeps /tmp/tcpdump-4.99.4-3.ph5.x86_64.rpm
tcpdump --version

Perform network packet capture

• tcpdump -i <interface_name> -w <file_name.pcap>

Example: tcpdump -i eth0 -w /tmp/example.pcap

Uninstall the TCPDUMP package

• Access node as root via SSH or Console.
• Uninstall tcpdump:
  rpm -e tcpdump

• How to check Release and Photon OS Version on Aria Operations

Test SNMP:

tcpdump -ni any udp port 162 -s 0 -w <filename>.pcap