
How do I specify a specific interface when doing a TCP Dump on an AMD?

bob_zins
Helper

I'm capturing data on two interfaces on an AMD. I would like to do a tcpdump capture of all of the traffic on one of the interfaces, because it appears I'm not getting any traffic on that interface. What is the format of the command I should use?


raffaele_talari
Inactive

Hi @Bob Zins,

You should be able to get traffic from a specific interface using the following syntax:

tcpdump 100 "/tmp/your_capture_name.cap" "host 1.1.1.1" "eth2"

(Capturing 100 packets for a single host on a specific interface)

Hope that helps.

Cheers, Raff

I also suggest taking a look at this really helpful page about TCPDump syntax (contains sample commands):

https://community.dynatrace.com/community/display/...

Ciao, Raff

Thanks Raffaele,

I would like to capture all the traffic the AMD is seeing on a specific interface and therefore I do not want to add a filter for a specific host. Is there a way to specify all the hosts, maybe by supplying a range? I did not see an example of how to filter for a range of hosts on the site you supplied.

Hi Bob, have you already tried without specifying the host part? Raff

Try:

tcpdump 100 "/tmp/your_capture_name.cap" "tcp or udp" "eth2"

Sometimes the filter option "vlan" needs to be added if the traffic is VLAN-encapsulated. We are using the following syntax in this case:

tcpdump 100 "/tmp/capture.cap" "vlan and host 1.1.1.1" "eth2"

Within rcon, this should capture eth2 unfiltered; the "" acts as the placeholder for the non-existent filter:

tcpdump 100 "/tmp/capture.pcap" "" "eth2"

-- Erik
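
A way to check whether an unfiltered capture contains 802.1Q-tagged frames, and so whether the "vlan" keyword mentioned above belongs in the filter. This is an added example, not part of the original thread; it assumes the capture file is in classic pcap format with an Ethernet link type, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic as stored on disk -> byte order (usec and nsec variants)
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def vlan_summary(data):
    """Count untagged vs. VLAN-tagged Ethernet frames in classic pcap bytes."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("link type %d is not Ethernet" % linktype)
    counts = {"untagged": 0, "tagged": 0, "vlan_ids": set()}
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # too short to hold an Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype in (0x8100, 0x88A8) and len(frame) >= 16:
            counts["tagged"] += 1
            tci = struct.unpack("!H", frame[14:16])[0]
            counts["vlan_ids"].add(tci & 0x0FFF)  # low 12 bits = VLAN ID
        else:
            counts["untagged"] += 1
    return counts

def sample_pcap():
    """Constructed sample: one untagged IPv4 frame, one frame tagged VLAN 120."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    macs = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
    untagged = macs + b"\x08\x00" + b"\x00" * 20
    tagged = macs + b"\x81\x00" + struct.pack("!H", 120) + b"\x08\x00" + b"\x00" * 20
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f
                          for f in (untagged, tagged))

if __name__ == "__main__":
    import sys
    # Pass a capture file path as the first argument, or run on the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    print(vlan_summary(raw))
```

If the tagged count is non-zero, a host filter on that interface needs the "vlan" keyword in front of it, as in the command above.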

rnadar
Guide

Hi Bob,

See the command below to capture all traffic for a particular interface.

Simple cmd:

tcpdump -i eth0 

To analyze the data, use Wireshark & the cmd below:

tcpdump -i eth0 -s0 -C 100 -w yourfilename.pcapng

Note:

Before you use this cmd, make sure you are in root and in the tmp directory.

This cmd will save each file to 100mb and create another 100mb file.

Get communication between 2 hosts:

tcpdump -w yourfilename.pcap -i eth0 dst 1.1.1.1

-Ram

Ramesh,

Please be aware that this command is useful only when capturing data from the communication interface (TCAM mappings/users, NFC data, CAS<->AMD traffic) and will not capture the data configured to be monitored by Software Services. The rcon console should be used for this.

Thanks Adam