tcpdump: no such file or directory

Not applicable

tcpdump: no such file or directory

Hi all,

I have some problems with the tcpdump command/option.

When I start an tcpdump at the GUI nothing will happen. I didn't see any pcap files being created.

When I stop de capture and start an new capture via the CLI, I still didn't see any files being created.

When I use the command "debug dataplane packet-diag show setting" I see the capture is enabled and also that there is data being captured.

But when I want to view the files with  "view-pcap filter-pcap <file>" I didn't see any files. I see the following error "tcpdump: /opt/panlogs/session/pan/filters/dr_temp: No such file or directory"

I am running since friday 13th september version 5.07, this is the first time I want to use the packet capture.

Thanks a lot,

Best Regards

Patrick Pater

CLI ouput:

admpatc@nwc-pan01(active)> debug dataplane packet-diag set filter match source 172.24.22.145 destination 206.221.218.106

admpatc@nwc-pan01(active)> debug dataplane packet-diag set filter on

debug packet filter: on

admpatc@nwc-pan01(active)> debug dataplane packet-diag set capture stage firewall file fw_temp

admpatc@nwc-pan01(active)> debug dataplane packet-diag set capture stage drop file dr_temp

admpatc@nwc-pan01(active)> debug dataplane packet-diag set capture on

Packet capture is enabled

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)> debug dataplane packet-diag show setting

DP 0:

--------------------------------------------------------------------------------

Packet diagnosis setting:

--------------------------------------------------------------------------------

Packet filter

  Enabled:                   yes

  Match pre-parsed packet:   no          

  Index 1: 172.18.100.196[0]->172.19.0.172[0], proto 0

           ingress-interface any, egress-interface any, exclude non-IP

  Index 2: 172.19.0.172[0]->172.18.100.196[0], proto 0

           ingress-interface any, egress-interface any, exclude non-IP

  Index 3: 172.24.22.145[0]->206.221.218.106[0], proto 0

           ingress-interface any, egress-interface any, exclude non-IP

--------------------------------------------------------------------------------

Logging

  Enabled:                   no

  Log-throttle:              no

  Sync-log-by-ticks:         yes          

  Features:

  Counters:

--------------------------------------------------------------------------------

Packet capture

  Enabled:                   yes

  Snaplen:                   0           

  Stage receive           :  file rc_temp

    Captured:     packets - 175971894   bytes - -393362184

    Maximum:      packets - 0          bytes - 0         

  Stage firewall          :  file fw_temp

    Captured:     packets - 7          bytes - 1672      

    Maximum:      packets - 0          bytes - 0         

  Stage transmit          :  file tr_temp

    Captured:     packets - 141006802   bytes - 1012398910

    Maximum:      packets - 0          bytes - 0         

  Stage drop              :  file dr_temp

    Captured:     packets - 0          bytes - 0         

    Maximum:      packets - 0          bytes - 0         

--------------------------------------------------------------------------------

DP 1:

--------------------------------------------------------------------------------

Packet diagnosis setting:

--------------------------------------------------------------------------------

Packet filter

  Enabled:                   yes

  Match pre-parsed packet:   no          

  Index 1: 172.18.100.196[0]->172.19.0.172[0], proto 0

           ingress-interface any, egress-interface any, exclude non-IP

  Index 2: 172.19.0.172[0]->172.18.100.196[0], proto 0

           ingress-interface any, egress-interface any, exclude non-IP

  Index 3: 172.24.22.145[0]->206.221.218.106[0], proto 0

           ingress-interface any, egress-interface any, exclude non-IP

--------------------------------------------------------------------------------

Logging

  Enabled:                   no

  Log-throttle:              no

  Sync-log-by-ticks:         yes          

  Features:

  Counters:

--------------------------------------------------------------------------------

Packet capture

  Enabled:                   yes

  Snaplen:                   0          

  Stage receive           :  file rc_temp

    Captured:     packets - 131565138   bytes - 1029127097

    Maximum:      packets - 0          bytes - 0         

  Stage firewall          :  file fw_temp

    Captured:     packets - 735        bytes - 681271    

    Maximum:      packets - 0          bytes - 0         

  Stage transmit          :  file tr_temp

    Captured:     packets - 139289247   bytes - 1629492578

    Maximum:      packets - 0          bytes - 0         

  Stage drop              :  file dr_temp

    Captured:     packets - 0          bytes - 0         

    Maximum:      packets - 0          bytes - 0         

--------------------------------------------------------------------------------

admpatc@nwc-pan01(active)> view-pcap filter-pcap tem

  <No files available>  Directory is empty

  <Enter>               Finish input

admpatc@nwc-pan01(active)> view-pcap filter-pcap dr

  <No files available>  Directory is empty

  <Enter>               Finish input

admpatc@nwc-pan01(active)> view-pcap filter-pcap dr_temp

tcpdump: /opt/panlogs/session/pan/filters/dr_temp: No such file or directory

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)> view-pcap filter-pcap dr_temp

tcpdump: /opt/panlogs/session/pan/filters/dr_temp: No such file or directory

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)>

L5 Sessionator

Re: tcpdump: no such file or directory

Hello ppater,

I see the packets getting captured for receive, firewall and transmit stage. 

Could you please perform the following steps and let us if it helped:

1.) Clear packet filter logs

debug dataplane packet-diag clear all

2.) Delete any remaining files

> delete debug-filter file *

3.) Restart vardata-receiver process. FYI, this restart of this process will be non-intrusive.

> debug software restart vardata-receiver

4.) Set filter and capture and test.

Regards,

Kunal Adak

Not applicable

Re: tcpdump: no such file or directory

Hello Kunal,

Thank you very much, this works!

Superb!!

Best Regards

Patrick Pater

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!