TCP Overview
TCP is a connection-oriented protocol that specifies the format of data and acknowledgments that two computer systems exchange to transfer data. TCP also specifies the procedures the computers use to ensure that the data arrives correctly. TCP allows multiple applications on a system to communicate concurrently, because it handles all demultiplexing of the incoming traffic among the application programs.
TCP Dump File Converter
TCP dump file converter is a tool that converts ios-xr dump-files in binary format to user-friendly format such as PCAP or text.
It proves especially useful when you disable Non-Stop Routing (NSR) or experience a session flap on your system. During such incidents, by default, the TCP process running on the NCS system promptly stores the latest 200 packet traces in binary format within a temporary folder.
TCP dump packet traces also includes data about the configured routing protocols and the overall network traffic traversing your system. This data equips you with the necessary insights to identify and resolve issues within your network infrastructure, facilitating proactive network troubleshooting.
You can view the packet traces binary files in the user-readable format using the following methods:
-
You can use the show tcp dump-file <binary filename> command to view each binary file in text format manually. For more information, refer to View Binary Files in Text Format Manually.
This process consumes much time, as you have to view each file manually one after another.
-
You can convert all stored packet traces in binary files into PCAP, text, or both using the tcp dump-file convert command. For more information, refer to Convert Binary Files to Readable Format Using TCP Dump File Converter.
This active approach greatly improves the efficiency and ease of packet analysis during network troubleshooting.
Limitations and Restrictions for TCP Dump File Converter
-
The system only stores the most recent 200 message exchanges that occurred right before the session termination, when NSR is disabled, or during a session flap.
-
You can view only one binary file in text format using the show tcp dump-file <binary filename> command.
-
TCP dump files are generated by default for BGP, MSDP, MPLS LDP and SSH.
View Binary Files in Text Format Manually
Procedure
Step 1 |
View the list of packet traces in binary files stored in the tcpdump folder using the show tcp dump-file list all command. Example:
|
Step 2 |
View each packet traces binary file in text format using the show tcp dump-file <binary filename> command. Example:
The above sample displays only a part of the actual output; the actual output displays more details. |
Convert Binary Files to Readable Format Using TCP Dump File Converter
Procedure
Step 1 |
Execute the tcp dump-file convert all-formats all command to convert the dump packet traces in binary files into PCAP and text formats. Example:
By default, the system stored the converted files in the "decoded_dumpfiles" folder on the "hard disk". Using the location node-id and file <file path> keywords, you can save the converted TCP dump file to your desired location. For example, tcp dump-file convert all-formats all location 0/RP0/CPU0 file /harddisk:/demo2 .
|
Step 2 |
To view the converted text file in the CLI, use the run cat <text file path> command. Example:
The above sample displays only a part of the actual output; the actual output displays more details. |
Step 3 |
Copy the converted packet traces from the system to your local computer using the scp command and view the converted PCAP file. |