Perform a Packet Capture in a Telemetry Broker Node

Available Languages

Download Options

  • PDF     (113.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (174.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (191.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 5, 2024
Document ID:221628

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to perform a packet capture in a Cisco Telemetry Broker (CTB) Broker node.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Basic Linux administration
    • Basic Cisco Telemetry Broker architecture
    • SSH basic knowledge
    • Command Line Interface (CLI) access as admin and root is needed to perform the packet capture.

    Components Used

    The information in this document is based on CTB Broker node running version 2.0.1.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configure

    The CTB Broker Node has a tool called ctb-pcap that is used to perform a network capture from the telemetry interface of the broker node. Note that this tool is not available at the CTB Manager Node.

    Before you use the command ctb-pcap, ensure that you first switch to the root user with the command sudo su. This tool is available to the root user only.

    To view the available options for this tool, run the command ctb-pcap --help at the CLI of the Broker node. This image displays the full list of the options:

    All available options for CTB packet capture toolAll available options for CTB packet capture tool

    As the output indicates, the number of captured packets, the duration in seconds, and the packet capture output file name are required. Moreover, the packet type, either received, sent, or dropped packets, must be stated in the command.

    You can use the next syntax as the basis of the packet capture command, which already specifies the number of captured packets, the duration and the file name of the packet capture, as well as the verbose option and packet type:

    ctb-pcap -V -n [number_pkts] -t [duration] -o [filename] [rx/tx/drop]

    Verify

    As an example, you can do a packet capture with verbose option, 100 packets, for thirty seconds, filtered by source 10.10.10.10 of received packets and save the output with the name received_packets.pcap.

    The command to perform such packet capture is:

    ctb-pcap -V -n 100 -t 120 -s 10.10.10.10 -o received_packets.pcap rx

    Enter the command at the CLI of the Broker Node and the packet capture begins. When the packet capture finishes, the file is automatically saved to /var/lib/titan/pcap/ directory.

    Here is an example of the verbose output from the packet capture command:

    Verbose output from the example commandVerbose output from the example command

    Note that for the duration and number of packet options, the first one stops the packet capture. (For example, if a total of 100 packets have been captured even though the thirty of the duration have not been completed, the packet capture is stopped. In this example, the duration of thirty seconds was reached first, so only 66 packets were captured.)

    After the packet capture has been generated, use SCP or SFTP to transfer the file to your local machine. If you use SFTP, enter the admin credentials to connect to the appliance.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    06-Feb-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Omar De Felipe Solis
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products