11-02-2017 10:38 AM
Hello All,
I would like to capture packets with tcpdump on an interface other than the management interface.
How can I do it? (Please explain in as much detail as possible.)
Thanks for your help.
GB.
11-02-2017 12:37 PM
Yes, thanks. But I should clarify that I would like to see the traffic streaming in real time, like tcpdump under Linux, because I manipulate the rules in production, and I don't cut for more than a few seconds. I don't have a sandbox to test.
11-02-2017 01:58 PM
OK, this is not possible. You could mirror the port on the switch or install a hub between the PA and your switch.
11-02-2017 02:38 PM
Technically it can be done using the "follow yes" option in CLI:
> view-pcap follow yes verbose++ filter-pcap tx-test
It will not help @BLAISEMONT much though, because once you change rules you have to commit the changes and then all the traffic is affected. It's also a burden to the management plane if the capture filter is not narrow enough. The mirror/span port option is by far the best, as long as the switch can handle it.
In case that's missed, you should avoid doing this in production just in case.
Generally without a lab/sandbox though, I'd recommend creating a test rule change that would only apply to the test user above the rule being changed. That allows you to test things out without affecting production.