tcpdump: no such file or directory

ppater · ‎09-24-2013

Hi all,

I have some problems with the tcpdump command/option.

When I start an tcpdump at the GUI nothing will happen. I didn't see any pcap files being created.

When I stop de capture and start an new capture via the CLI, I still didn't see any files being created.

When I use the command "debug dataplane packet-diag show setting" I see the capture is enabled and also that there is data being captured.

But when I want to view the files with "view-pcap filter-pcap <file>" I didn't see any files. I see the following error "tcpdump: /opt/panlogs/session/pan/filters/dr_temp: No such file or directory"

I am running since friday 13th september version 5.07, this is the first time I want to use the packet capture.

Thanks a lot,

Best Regards

Patrick Pater

CLI ouput:

admpatc@nwc-pan01(active)> debug dataplane packet-diag set filter match source 172.24.22.145 destination 206.221.218.106

admpatc@nwc-pan01(active)> debug dataplane packet-diag set filter on

debug packet filter: on

admpatc@nwc-pan01(active)> debug dataplane packet-diag set capture stage firewall file fw_temp

admpatc@nwc-pan01(active)> debug dataplane packet-diag set capture stage drop file dr_temp

admpatc@nwc-pan01(active)> debug dataplane packet-diag set capture on

Packet capture is enabled

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)> debug dataplane packet-diag show setting

DP 0:

--------------------------------------------------------------------------------

Packet diagnosis setting:

--------------------------------------------------------------------------------

Packet filter

Enabled: yes

Match pre-parsed packet: no

Index 1: 172.18.100.196[0]->172.19.0.172[0], proto 0

ingress-interface any, egress-interface any, exclude non-IP

Index 2: 172.19.0.172[0]->172.18.100.196[0], proto 0

ingress-interface any, egress-interface any, exclude non-IP

Index 3: 172.24.22.145[0]->206.221.218.106[0], proto 0

ingress-interface any, egress-interface any, exclude non-IP

--------------------------------------------------------------------------------

Logging

Enabled: no

Log-throttle: no

Sync-log-by-ticks: yes

Features:

Counters:

--------------------------------------------------------------------------------

Packet capture

Enabled: yes

Snaplen: 0

Stage receive : file rc_temp

Captured: packets - 175971894 bytes - -393362184

Maximum: packets - 0 bytes - 0

Stage firewall : file fw_temp

Captured: packets - 7 bytes - 1672

Maximum: packets - 0 bytes - 0

Stage transmit : file tr_temp

Captured: packets - 141006802 bytes - 1012398910

Maximum: packets - 0 bytes - 0

Stage drop : file dr_temp

Captured: packets - 0 bytes - 0

Maximum: packets - 0 bytes - 0

--------------------------------------------------------------------------------

DP 1:

--------------------------------------------------------------------------------

Packet diagnosis setting:

--------------------------------------------------------------------------------

Packet filter

Enabled: yes

Match pre-parsed packet: no

Index 1: 172.18.100.196[0]->172.19.0.172[0], proto 0

ingress-interface any, egress-interface any, exclude non-IP

Index 2: 172.19.0.172[0]->172.18.100.196[0], proto 0

ingress-interface any, egress-interface any, exclude non-IP

Index 3: 172.24.22.145[0]->206.221.218.106[0], proto 0

ingress-interface any, egress-interface any, exclude non-IP

--------------------------------------------------------------------------------

Logging

Enabled: no

Log-throttle: no

Sync-log-by-ticks: yes

Features:

Counters:

--------------------------------------------------------------------------------

Packet capture

Enabled: yes

Snaplen: 0

Stage receive : file rc_temp

Captured: packets - 131565138 bytes - 1029127097

Maximum: packets - 0 bytes - 0

Stage firewall : file fw_temp

Captured: packets - 735 bytes - 681271

Maximum: packets - 0 bytes - 0

Stage transmit : file tr_temp

Captured: packets - 139289247 bytes - 1629492578

Maximum: packets - 0 bytes - 0

Stage drop : file dr_temp

Captured: packets - 0 bytes - 0

Maximum: packets - 0 bytes - 0

--------------------------------------------------------------------------------

admpatc@nwc-pan01(active)> view-pcap filter-pcap tem

<No files available> Directory is empty

<Enter> Finish input

admpatc@nwc-pan01(active)> view-pcap filter-pcap dr

<No files available> Directory is empty

<Enter> Finish input

admpatc@nwc-pan01(active)> view-pcap filter-pcap dr_temp

tcpdump: /opt/panlogs/session/pan/filters/dr_temp: No such file or directory

admpatc@nwc-pan01(active)>

admpatc@nwc-pan01(active)> view-pcap filter-pcap dr_temp

tcpdump: /opt/panlogs/session/pan/filters/dr_temp: No such file or directory

admpatc@nwc-pan01(active)>

kadak · ‎09-24-2013

Hello ppater,

I see the packets getting captured for receive, firewall and transmit stage.

Could you please perform the following steps and let us if it helped:

1.) Clear packet filter logs

debug dataplane packet-diag clear all

2.) Delete any remaining files

> delete debug-filter file *

3.) Restart vardata-receiver process. FYI, this restart of this process will be non-intrusive.

> debug software restart vardata-receiver

4.) Set filter and capture and test.

Regards,

Kunal Adak

View solution in original post

kadak · ‎09-24-2013

Hello ppater,

I see the packets getting captured for receive, firewall and transmit stage.

Could you please perform the following steps and let us if it helped:

1.) Clear packet filter logs

debug dataplane packet-diag clear all

2.) Delete any remaining files

> delete debug-filter file *

3.) Restart vardata-receiver process. FYI, this restart of this process will be non-intrusive.

> debug software restart vardata-receiver

4.) Set filter and capture and test.

Regards,

Kunal Adak

ppater · ‎09-24-2013

Hello Kunal,

Thank you very much, this works!

Superb!!

Best Regards

Patrick Pater

Unlock your full community experience!

tcpdump: no such file or directory

tcpdump: no such file or directory

Show your appreciation!