Packet Capture
The diagnostic tool capture captures network traffic to retrieve the following information:
Source MAC and IP address
VRID
VRRP priority
From the Web user interface (web UI)
Open the DiagTools tab.
From Select list, choose capture (interface*, filter*, ignored).
Enter the following parameters:
interface: Capture on a single interface. By default, the capture runs on all interfaces.
filter: (optional) Which packets to capture. By default, all packets are captured. For example:
A protocol name: vrrp, icmp
A specific IP address: host <ip>
A specific TCP or UDP port: port <port>
Click Run.
From the command line interface (CLI)
Get root rights by typing root.
Run the following command:
tcpdump -vvvenns0 -c 5 [-i <interface>] <filter>
Output example
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
04:59:41.088388 00:15:5d:75:2e:1b > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 106: (tos 0x0, ttl 255, id 879, offset 0 flags [none], [...]
04:59:41.157687 00:15:5d:75:2e:45 > 00:15:5d:75:2e:1b, ethertype ARP (0x0806), length 42: arp who-has 10.0.0.190 (00:15:5d:75:2e:1b) tell 10.0.0.187
04:59:41.157723 00:15:5d:75:2e:1b > 00:15:5d:75:2e:45, ethertype ARP (0x0806), length 42: arp reply 10.0.0.190 is-at 00:15:5d:75:2e:1b
04:59:41.306124 00:15:5d:75:2e:1b > 00:15:5d:75:2e:45, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 48464, offset 0, flags [DF], [...]
04:59:41.307063 00:15:5d:75:2e:45 > 00:15:5d:75:2e:1b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6419, offset 0, flags [DF], [...]
5 packets captured
0 packets received by filter
0 packets dropped by kernel
Tips
Capture VRRP traffic
To capture VRRP traffic, use vrrp as <filter> and choose an interface:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:12:27.936839 00:0c:49:65:47:0e > ... , proto VRRP (112), 10.9.104.253 > 224.0.0.18, ... , vrid 30, prio 35, ... , addrs: ...
14:12:28.250381 00:0c:59:20:c7:f6 > ... , proto VRRP (112), 10.9.104.241 > 224.0.0.18, ... , vrid 166, prio 133, ... , addrs: ...
14:12:28.460930 00:0d:b9:18:b9:74 > ... , proto VRRP (112), 10.9.104.253 > 224.0.0.18, ... , vrid 55, prio 70, ... , addrs: ...
14:12:28.939831 00:0c:49:65:47:0e > ... , proto VRRP (112), 10.9.104.253 > 224.0.0.18, ... , vrid 30, prio 35, ... , addrs: ...
14:12:28.250381 00:0c:59:20:c7:f6 > ... , proto VRRP (112), 10.9.104.241 > 224.0.0.18, ... , vrid 166, prio 133, ... , addrs: ...
5 packets captured
0 packets received by filter
0 packets dropped by kernel
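To review a VRRP capture like the one above, the following added example (not part of the product or its documentation) extracts the source MAC, source IP, VRID and priority from saved tcpdump text and lists VRIDs advertised by more than one source MAC. The function names are hypothetical, the sample lines are constructed, and it assumes IPv4 advertisements to 224.0.0.18; in a stable group only the master advertises, so several sources on one VRID are worth checking for a VRID collision or a dual master.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the capture output above (not real traffic).
SAMPLE = """\
14:12:27.936839 02:00:00:00:00:0a > ... , proto VRRP (112), 192.0.2.253 > 224.0.0.18, ... , vrid 30, prio 35, ... , addrs: ...
14:12:28.250381 02:00:00:00:00:0b > ... , proto VRRP (112), 192.0.2.241 > 224.0.0.18, ... , vrid 166, prio 133, ... , addrs: ...
14:12:28.460930 02:00:00:00:00:0c > ... , proto VRRP (112), 192.0.2.242 > 224.0.0.18, ... , vrid 30, prio 70, ... , addrs: ...
14:12:28.939831 02:00:00:00:00:0a > ... , proto VRRP (112), 192.0.2.253 > 224.0.0.18, ... , vrid 30, prio 35, ... , addrs: ...
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
ADVERT = re.compile(
    r"^\S+ (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > .*?proto VRRP \(112\)"
    r".*?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) > 224\.0\.0\.18"
    r".*?vrid (?P<vrid>\d+), prio (?P<prio>\d+)", re.I | re.S)

def parse_adverts(text):
    """Return one dict per VRRP advertisement found in tcpdump text output."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line)              # a new packet starts with a timestamp
        elif records and line[:1].isspace():
            records[-1] += "\n" + line        # indented continuation of that packet
    adverts = []
    for rec in records:
        m = ADVERT.search(rec)
        if m:                                 # non-VRRP packets are skipped
            adverts.append({"mac": m["mac"].lower(), "ip": m["ip"],
                            "vrid": int(m["vrid"]), "prio": int(m["prio"])})
    return adverts

def advertisers_by_vrid(adverts):
    """Map each VRID to the set of (mac, ip, prio) sources seen advertising it."""
    seen = defaultdict(set)
    for a in adverts:
        seen[a["vrid"]].add((a["mac"], a["ip"], a["prio"]))
    return dict(seen)

def contested_vrids(adverts):
    """VRIDs advertised by more than one source MAC within the capture."""
    return sorted(vrid for vrid, srcs in advertisers_by_vrid(adverts).items()
                  if len({mac for mac, _, _ in srcs}) > 1)

if __name__ == "__main__":
    print("contested VRIDs:", contested_vrids(parse_adverts(SAMPLE)))
```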