Troubleshooting
Using tcpdump
Note
- You must have administrator privileges on your Equalizer to use the tcpdump feature.
tcpdump is a packet analyzer tool that can be used to analyze Equalizer packet activity to/from:
- an interface (port)
- an aggregated interface
- a VLAN
- a cluster
- a server
It prints the contents of network packets and allows you to intercept and display TCP/IP and other packets being transmitted or received over the network on which the appliance is installed. It prints out a description of the contents of packets that match Boolean expressions and saves the packet data to a *.tgz file stored in .../var/crash in the Equalizer file system. The file can then be used for later analysis. You can capture packets from a maximum of 5 objects at one time.
The flexibility of Equalizer's tcpdump feature is that you can capture packets based on header information, capture packets to/from servers, clusters, and ports, or capture packets to/from objects based on protocol, such as ICMP.
In all cases, only packets that match expressions will be processed by tcpdump.
tcpdump is used from the Equalizer CLI with the eqcli > diags tcpdump commands, or from within the diags context. The number of packets captured can be specified either in the command line syntax or by manually halting a capture in progress with CTRL+C. For example, to capture packets from a server (sv01) you would enter the following:

    eqcli diags > tcpdump count 50 capture server sv01
In this example, tcpdump will capture 50 packets to/from server sv01 and store the capture in .../var/crash in the Equalizer file system. Since the number of packets to capture is specified, it is not necessary to use CTRL+C to stop the capture.
Internally, Equalizer stores up to 10MB of capture data in up to ten 1MB raw packet capture files. That is, 1MB files are filled with capture data until a maximum of 10 files are full. When the 10 files are full, incoming captures overwrite the first 1MB file, then the second, and so on. If a packet count is not specified in the CLI syntax, this mechanism prevents captured data from exceeding Equalizer's 10MB capacity.
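As an added example (not from the Equalizer manual or from Coyote Point's own tooling), the script below summarizes a capture archive offline once it has been copied off the appliance, counting packets per member file by IP protocol and source/destination pair. It assumes the raw files inside the .tgz are classic libpcap files with the Ethernet link type (tcpdump's default); the archive name, member name and the addresses in the constructed sample are made-up placeholders.

```python
import io, os, struct, tarfile, tempfile
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic (microsecond timestamps)

def parse_pcap(data):
    """Yield (ip_proto, src, dst) for each IPv4-over-Ethernet record in a classic pcap byte string."""
    magic, = struct.unpack("<I", data[:4])
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # skip non-IPv4 or truncated frames
            continue
        ip = pkt[14:]
        yield ip[9], ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))

def summarize_tgz(path):
    """Return {member name: Counter of (ip_proto, src, dst)} for every file in the .tgz."""
    out = {}
    with tarfile.open(path, "r:gz") as tar:
        for m in tar.getmembers():
            if m.isfile():
                out[m.name] = Counter(parse_pcap(tar.extractfile(m).read()))
    return out

def build_sample_tgz(path):
    """Write a constructed two-packet capture (ICMP + TCP; placeholder server 10.0.0.10) so this runs offline."""
    def frame(proto, src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        return b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs + EtherType IPv4, 20-byte header
    pcap = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for f in (frame(1, "10.0.0.5", "10.0.0.10"), frame(6, "10.0.0.10", "10.0.0.5")):
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # record header + frame
    with tarfile.open(path, "w:gz") as tar:
        info = tarfile.TarInfo("crash0.pcap")  # constructed member name
        info.size = len(pcap)
        tar.addfile(info, io.BytesIO(pcap))

def demo():
    """Build the sample archive in a temp dir and return its per-file summary."""
    path = os.path.join(tempfile.mkdtemp(), "capture.tgz")
    build_sample_tgz(path)
    return summarize_tgz(path)
```

Point summarize_tgz at the real archive copied from .../var/crash to get the same per-file breakdown; the Counter keys can then be compared against the server or cluster you expected the capture to contain.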
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.