cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

TCPDUMP Trace not capturing any packets

bob_zins
Helper

I'm taking a trace on one of my AMDs in rcon using tcpdump against a single host. This trace is not collecting any packets (other traces work fine). To the best of my knowledge traffic from this IP is being directed to this AMD. Here is my question, is it required to have a software service already configured on this AMD in order for the trace to see packets? Note: Enable monitoring of Autodiscovered Software Service is NOT checked.

Here is the command I'm using.

tcpdump 0 "/tmp/agile.pcap" "vlan and host 10.148.133.154"

5 REPLIES 5

adam_piotrowicz
Dynatrace Pro
Dynatrace Pro

Try:

tcpdump 0 "/tmp/agile.pcap" "(vlan and host 10.148.133.154) or host 10.148.133.154"

Adam,

Still zero packets. To be clear, do I need a software service configured on that AMD for the trace to capture packets? Also, does it matter if "Enable monitoring of Autodiscovered Software Service" is checked or un-checked?

Your question was valid and I haven't answered it 🙂

If you have custom driver you must have User-Defined SS created if Autodiscovered is not enabled.

What driver do you have?

joseph_wendl
Helper

Hi Bob,

This article will describe the idea behind Autodiscovered Software Services a bit better,

https://community.dynatrace.com/community/display/...

I believe, in order to capture traffic through tcpdump, the AMD must be seeing some sort of traffic from the vlan / host that you are attempting to capture packets from.

By turning on autodiscovered software services, you will be able to more accurately monitor those software services for which you may not know ports or ip addresses.

I would attempt to create a software service based on the information above, and attempt your tcpdump afterward.

If that is inconclusive, I've also found a few more reasons for zero packets in a tcpdump;

"Zero byte capture file could be due to the following:


  • No traffic on the line during the period of the capture
  • Traffic not spanned to AMD
  • Host IP is masked via NAT "

As noted by Jacob C in this post: https://answers.dynatrace.com/questions/118583/cap...

Hope this helps,

Joe

You can also run this command, from your AMD as root user to verify that you are seeing traffic from that IP address:

rcmd lsrv | grep 10.148.133.154

Roberto_Vannucc
Dynatrace Organizer
Dynatrace Organizer

It depends if you are using custom driver or not. If you have are using custom driver, you need to have the software service configured or "monitor all Traffic" (autodiscovery) flag in the AMD enabled because the custom drivers will filter at driver level thus you won't see the traffic in the trace unless it is specified to see it (autodiscovery will enable "all").

If you are using native drivers, you should see the packets in the trace. If not it is either not routed or the filters are incorrect (like vlan tag - as suggested by Adam).

Cheers

Roberto