Configuring Packet Capture

The Packet Capture feature helps you capture all packets being transmitted and received over physical and virtual network interface controllers (physical port and vNIC) for analysis. These packets are inspected to diagnose and solve network problems. Packets are stored in the/data/intdatastore/pktcaptures folder on the host server.

Benefits

  • You can customize the configuration to capture specific packets such as Internet Control Message Protocol (ICMP), TCP, UDP, and Address Resolution Protocol (ARP).

  • You can specify a time period over which packets are captured. The default is 60 seconds.

To configure packet capture on a physial port:


configure terminal
tcpdump port eth0

Output: pcap-location /data/intdatastore/pktcaptures/tcpdump_eth0.pcap

To configure packet capture on a vNIC:


configure terminal
tcpdump vnic tenant-name admin deployment-name 1489084431 vm-name ROUTER vnic-id 0 time 30

Output: pcap-location /data/intdatastore/pktcaptures/1489084431_ROUTER_vnic0.pcap

Types of Errors

Error

Scenario

Port/vnic not found

When non-existing interface is given as input.

File/directory not created

When the system is running out of disk space.

The tcpdump command fails

When the system is running out of disk space.

These errors are logged in the nfvis_config.log. By default, warnings and errors are logged,

Example: Debug Built-in Switch Issues

To monitor traffic problems related to built-in switch on an internal interface:

The regular traffic flow between int-LAN and GE1/0 is:

GE0-0-- vnic1---(VM)--vnic2--intLAN--GE1/0

The NFVIS portal has the capability to capture packets. In the network diagram, right click on any vertical line and a window pops up where you can select the duration of the capture. The packet capture starts on the selected interface link. At the end of the capture, a file is downloaded to your local machine. SPAN sessions are supported on both NFVIS host and the built-in switch.

The following is an example of SPAN in built-in switch:

  1. From NFVIS system shell-access, get the password which can be used later.

    
    cd /opt/switch-confd/
    python decrypt_switch.py
    
    <it will print out a string, it will be the password you need to use later>
    8H7)gR348V4Byq4mwjiNt
    
  2. From Cisco IMC complete the challenge-response authentication:

    
    #connect debug-shell
    #sldp
    login <hit return>
    it will print out the challenge string
    enter the  respond string
    # switch-con ge
    user-name:cisco
    password: <enter the sring we get from nfvis system shell>
    
    User Name:cisco
    Password:*********************.   <this is the password you get from step 1 above>
    
  3. To configure SPAN specify the source and distribution interface and direction of the packet flow. For example, if you want to mirror XG2 output packet to Ge0, connect an external packet capture tool in GE1/0 and you will see all packets flow from internal XG2. In the following example, the traffic between int_LAN and GE1/0 go through internal interface XE2 and traffic for XE2 interface is monitored:

    
    nfvis(config)#monitor session 1 source interface XG 2 out
    nfvis(config)#monitor session 1 destination interface GigabitEthernet 0
    remember to unconfig it once you finish debuging.
    nfvis(config)#no monitor session 1 destination
    nfvis(config)#no monitor session 1 source interface XG 2
    

Packet Capture APIs and Commands

APIs

Commands

  • /api/operations/packet-capture/tcpdump

  • tcpdump port

  • tcpdump vnic