Prisma SD-WAN
tcpdump
Use the tcpdump command to capture TCP or IP packets received or
transmitted over a network on a specific interface, for network debugging and
traffic analysis. The packet data is printed on the console or saved to a file for
future analysis or transfer. The following (args) options are automatically included in the device:
"-A", "-b", "-e", "-K", "-#", "-p", "-q", "-S", "-t", "-tt", "-ttt", "-tttt", "-ttttt", "-u", "-v", "-vv", "-vvv", "-x", "-xx", "-X", "-XX", "-B", "-c", "-E", "-j", "-M", "-Q", "-T", "-s", "-C"
Capturing packets using the tcpdump command is currently not supported
on sub-interfaces or SVIs for ION device software versions 6.1.x, 6.2.x, and 6.3.x.
However, the traffic flow of interest on such interfaces can be captured on the parent
interface, with the help of the available (args) options.
Args options are not supported in releases 6.4.2 and 6.5.1; they will be
reintroduced in the upcoming releases 6.4.3 and 6.5.2.
- For capturing the packets:
  tcpdump interface= -v -vv -x -xx srcv4= dstv4= srcv6= dstv6= host= port= srcport= dstport= protocol= show
  tcpdump interface args=" " show
- For saving the packet capture to a file:
  tcpdump interface args=" " save filename
  tcpdump interface= -v -vv -x -xx srcv4= dstv4= srcv6= dstv6= host= port= srcport= dstport= protocol= save filename
- For viewing and exporting a .pcap file:
  file view sample.pcap
Command
  tcpdump (interface name or number <args= " " | show | save file=filename>)
  tcpdump (interface name or number -v -vv -x -xx srcv4= dstv4= srcv6= dstv6= host= port= srcport= dstport= protocol= show | save file=filename>)
Options
  interface: Enter the interface to listen on.
  show: Displays TCP packet information.
  save file: Enter the name of the file in which the tcpdump is saved.
Command Notes
  Role: Super, Read Only
  Related Commands: —
  Introduced in Release: 4.4.1
Example
tcpdump filtering on host IP 8.8.8.8, protocol = icmp, and display Ethernet frame info (-e)

tcpdump controller1 args=" -e host 8.8.8.8 and icmp" show
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:06:13.488774 00:50:56:92:30:be > 00:50:56:92:8b:1a, ethertype IPv4 (0x0800), length 98: 192.168.30.10 > 8.8.8.8: ICMP echo request, id 12410, seq 0, length 64
14:06:13.539514 3e:2d:5f:3a:be:bd > 00:50:56:92:30:be, ethertype IPv4 (0x0800),length

tcpdump controller1 args="-vvv" show
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:04:09.589948 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 179.19.44.2 (ff:ff:ff:ff:ff:ff) tell 179.19.44.7, length 46
06:04:09.589953 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 179.19.44.2 (ff:ff:ff:ff:ff:ff) tell 179.19.44.7, length 78

tcpdump controller1 args="-c 5" save file=tcpdump_capture.pcap
Saving... Press CTR+C to stop.
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
5 packets captured

tcpdump any args="src 11.11.11.5" show
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
09:36:29.529452 IP 11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 377, length 64
09:36:29.529467 IP 11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 377, length 64
09:36:29.529471 IP 11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 377, length 64
09:36:30.553375 IP 11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 378, length 64
09:36:30.553383 IP 11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 378, length 64
09:36:30.553385 IP 11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 378, length 64
^C
6 packets captured
9 packets received by filter
0 packets dropped by kernel

tcpdump any srcv4=11.11.11.5 -vv show
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
09:36:37.721372 IP (tos 0x0, ttl 63, id 60721, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 385, length 64
09:36:37.721380 IP (tos 0x0, ttl 62, id 60721, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 385, length 64
09:36:37.721381 IP (tos 0x0, ttl 62, id 60721, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 385, length 64
09:36:38.745249 IP (tos 0x0, ttl 63, id 60951, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 386, length 64
09:36:38.745256 IP (tos 0x0, ttl 62, id 60951, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 386, length 64
09:36:38.745258 IP (tos 0x0, ttl 62, id 60951, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 386, length 64
^C
6 packets captured
9 packets received by filter
0 packets dropped by kernel
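
Added example (not part of the original documentation or the product's code): an offline Python helper that reads the -vv output of the "tcpdump any srcv4=11.11.11.5 -vv show" example and groups lines by IP id, ICMP id and seq, so that repeated sightings of one packet on the "any" interface are not counted as separate packets. The function names are hypothetical, and reading the TTL drop from 63 to 62 as the same packet being seen again after forwarding is an assumption, not something the page states.

```python
import re
from collections import defaultdict

# Sample input: the -vv output shown on this page for
# "tcpdump any srcv4=11.11.11.5 -vv show" (header line + indented continuation).
SAMPLE = """\
09:36:37.721372 IP (tos 0x0, ttl 63, id 60721, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 385, length 64
09:36:37.721380 IP (tos 0x0, ttl 62, id 60721, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 385, length 64
09:36:37.721381 IP (tos 0x0, ttl 62, id 60721, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 385, length 64
09:36:38.745249 IP (tos 0x0, ttl 63, id 60951, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 386, length 64
09:36:38.745256 IP (tos 0x0, ttl 62, id 60951, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 386, length 64
09:36:38.745258 IP (tos 0x0, ttl 62, id 60951, offset 0, flags [DF], proto ICMP (1), length 84)
    11.11.11.5 > 44.44.44.5: ICMP echo request, id 27, seq 386, length 64
"""

HEADER = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP \(tos \S+, ttl (?P<ttl>\d+), id (?P<ipid>\d+),")
BODY = re.compile(r"^\s+(?P<src>\S+) > (?P<dst>\S+): ICMP echo \w+, id (?P<icmp_id>\d+), seq (?P<seq>\d+),")

def group_observations(text):
    """Map (src, dst, IP id, ICMP id, seq) -> [(timestamp, ttl), ...] in capture order."""
    groups, header = defaultdict(list), None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            header = h          # remember the IP header line until its body arrives
            continue
        b = BODY.match(line)
        if b and header:
            key = (b["src"], b["dst"], int(header["ipid"]), int(b["icmp_id"]), int(b["seq"]))
            groups[key].append((header["ts"], int(header["ttl"])))
        header = None           # any non-header line ends the current record
    return dict(groups)

def summarize(text):
    """Count captured lines vs. distinct packets and list the TTL seen at each sighting."""
    groups = group_observations(text)
    return {
        "observations": sum(len(obs) for obs in groups.values()),
        "unique_packets": len(groups),
        "ttl_by_seq": {key[4]: [ttl for _, ttl in obs] for key, obs in groups.items()},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
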