
This product reached the end of support date on March 31, 2021.

CBA - Capture from RUM console

Dynatrace Pro


How does the tcpdump from the RUM console (CBA capture) work?

Does this tcpdump work for all kinds of traffic span? I am thinking of the copy of a VLAN.

Does this tcpdump work for all the traffic, and in particular for the traffic not defined as a Software service?

Does this tcpdump work the same with the custom driver or the native driver?

What are the limitations of this tcpdump?



Dynatrace Pro


It works the same as the one in rcon, with the following limitations:

  1. It captures the entire traffic seen by the sniffing interfaces defined in rtm.config,
  2. It has a separate sampling mechanism that can limit the amount of traffic reaching the CBA process if it's too high.

It works with both drivers.

Please let us know if this answers your question.

Dynatrace Pro

Thank you Adam, for your answer.

But, since my last experience with the RUM console, I have a doubt.

Is it possible to capture all types of traffic which are seen by the interface, even if this traffic is not defined as a software service?

In other words, in this case, if the capture doesn't work, is it an issue from the RUM console? And can I open a call?


The capture mechanism available from RUM Console records every bit of traffic that is spanned to the AMD, regardless if it's defined as a Software Service or not.

If you believe the capture is not recording something, you should first check if the sampling mechanism is not affecting your trace, like in the example below:

If that is the case, you can turn off the sampling. It can be done in the /usr/adlex/config/cba.config.xml file by changing true to false in the following line:


Then a restart of CBA is needed:

service cba restart

Dynatrace Pro

It's clear. Thank you Adam!




Also remember that if you have a SPAN port as the source, you can't be sure you are getting all packets or unaltered packets, since a common setup peels off the VLAN tag on the packets (for example).
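
One way to check the VLAN point above on a saved trace, as an added example that is not part of the original thread: count how many Ethernet frames in a capture still carry an 802.1Q/802.1ad tag. It assumes the trace has been exported as a classic (non-pcapng) pcap file; `vlan_summary` and `build_sample` are hypothetical names, and the sample frames are constructed.

```python
import struct

# Classic pcap magic (microsecond timestamps) mapped to struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers


def vlan_summary(pcap_bytes):
    """Return (total_frames, tagged_frames, {vlan_id: count}) for an Ethernet pcap."""
    endian = PCAP_MAGICS.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    total = tagged = 0
    vlans = {}
    offset = 24  # first record follows the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:
            continue  # too short to hold an Ethernet header
        total += 1
        tpid = struct.unpack("!H", frame[12:14])[0]
        if tpid in VLAN_TPIDS and len(frame) >= 16:
            tagged += 1
            vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits of the TCI
            vlans[vid] = vlans.get(vid, 0) + 1
    return total, tagged, vlans


def build_sample():
    """Constructed pcap: one untagged frame and two frames tagged with VLAN 100."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    macs = bytes(12)  # zeroed destination and source MAC addresses
    untagged = macs + struct.pack("!H", 0x0800) + bytes(46)
    tagged = macs + struct.pack("!HHH", 0x8100, 100, 0x0800) + bytes(46)
    frames = (untagged, tagged, tagged)
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames
    )


if __name__ == "__main__":
    total, tagged, vlans = vlan_summary(build_sample())
    print(f"{tagged}/{total} frames tagged, VLAN IDs seen: {vlans}")
```

A result of zero tagged frames on a link that is known to be trunked indicates that the tags were removed before the frames reached the capture point; it does not by itself show where they were removed.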