Summary

Process to get TCP dumps. When taking a TCP dump from the Exinda, various filters can be applied before the capture is started to better isolate the traffic relevant to the reason the capture is needed.
Overview

Packet captures can be generated from the Exinda web UI from Configuration > System > Diagnostics > TCP Dump.
TCPDump is a Linux packet-capture utility that writes pcap files for deep packet inspection of traffic travelling through interfaces. TCPDump is deployed on Exinda appliances as a way to capture packets travelling through specific bridges, or through the entire device. It is an invaluable tool when troubleshooting and gathering diagnostics.
If it is already known what traffic is being sought, filtering the capture narrows it down to exactly that traffic and keeps the resulting file small enough to analyse. This is done through standard TCPDump filter expressions.

The available filters include:
- host ip - Match if the source or destination address is ip
- src host ip - Match if the source address is ip
- dst host ip - Match if the destination address is ip
- net subnet - Match any source or destination address that belongs to the subnet subnet
- port port_num - Match any traffic going to or from port port_num
- ip proto protocol_name - Match any traffic that belongs to the L3/L4 protocol protocol_name (i.e. ICMP, TCP, UDP)
- ether proto protocol_name - Match any traffic that belongs to the L2 protocol protocol_name (i.e. ARP, IP)
If, when downloading a TCP dump file, the file shows the extension .tar instead of .tar.gz and cannot be extracted, change the extension to .zip and the required dump files will extract. Alternatively, wait a while and refresh the page to see whether the extension changes to .tar.gz, as the GZip process can take some time for large captures.
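Because the downloaded archive's extension may not reflect its real format, the script below is an added example (not Exinda's own tooling) that identifies the download by its magic bytes rather than its name, extracts it with matching tar flags, and checks that the extracted capture files really are pcap or pcapng. File names and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify an Exinda "TCP Dump" download (gzip-compressed tar
# vs plain tar) by magic bytes instead of trusting the extension, extract it,
# and sanity-check the capture files it contains.

# Print "gzip", "tar" or "unknown" for the given file.
detect_archive_type() {
  f=$1
  # gzip streams start with the two bytes 1f 8b
  magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
  if [ "$magic" = "1f8b" ]; then
    echo gzip
    return 0
  fi
  # POSIX/GNU tar headers carry the string "ustar" at offset 257
  if [ "$(dd if="$f" bs=1 skip=257 count=5 2>/dev/null)" = "ustar" ]; then
    echo tar
    return 0
  fi
  echo unknown
  return 1
}

# Print "pcap", "pcapng" or "unknown" based on the capture file header.
detect_capture_type() {
  magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
  case "$magic" in
    # libpcap magic, both byte orders, microsecond and nanosecond variants
    d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) echo pcap ;;
    # pcapng Section Header Block type
    0a0d0d0a) echo pcapng ;;
    *) echo unknown; return 1 ;;
  esac
}

# Extract the archive into $2 with the tar flags that match its real format,
# then report the type of every file extracted.
extract_dump_archive() {
  archive=$1; dest=$2
  mkdir -p "$dest"
  case "$(detect_archive_type "$archive")" in
    gzip) tar -xzf "$archive" -C "$dest" ;;
    tar)  tar -xf "$archive" -C "$dest" ;;
    *)    echo "unrecognised archive: $archive" >&2; return 1 ;;
  esac
  find "$dest" -type f | while read -r cap; do
    echo "$cap: $(detect_capture_type "$cap" || true)"
  done
}
```

Run it as `extract_dump_archive tcpdump-download.tar ./dump` (constructed file name); a .tar that is really gzip-compressed is then extracted correctly without renaming it.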