Port analyse by TCPDUMP

L0 Member


Hello All,

 

I would like to capture packets with tcpdump on an interface other than the management interface.

How can I do it? (Please explain in as much detail as possible.)

 

Thanks for your help.

GB.

L7 Applicator

I don't think you can, so I just use /monitor/packet capture

L0 Member

Yes, thanks. But to be precise, I would like to see the traffic streaming in real time, like tcpdump under Linux, because I manipulate the rules in production, and I don't cut traffic for more than a few seconds. I don't have a sandbox to test.

 

L7 Applicator

OK, this is not possible; you could mirror the port on the switch or install a hub between the PA and your switch.

L7 Applicator

Technically it can be done using the "follow yes" option in CLI:

 

> view-pcap follow yes verbose++ filter-pcap tx-test 

It will not help @BLAISEMONT much though, because once you change rules you have to commit the changes and then all the traffic is affected. It's also a burden to the management plane if the capture filter is not narrow enough. The mirror/span port option is by far the best, as long as the switch can handle it.

 

In case that's missed, you should avoid doing this in production just in case.

 

Generally without a lab/sandbox though, I'd recommend creating a test rule change that would only apply to the test user above the rule being changed. That allows you to test things out without affecting production. 
