Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

CPS Troubleshooting Guide, Release 11.0.0

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

CPS Troubleshooting Guide, Release 11.0.0

Chapter Title

TCP Dumps

Results

Updated:
December 6, 2016

Chapter: TCP Dumps

TCP Dumps

About TCP Dumps

CPS administrators can use the tcpdump Linux command in the command line to intercept and display TCP/IP packets, as well as others, as they are being transmitted or received.

With the tcpdump command, you can analyze network behavior, performance, and applications that generate or receive network traffic.

While not specific to CPS, the following examples of tcpdump are frequently helpful for troubleshooting CPS network packets.


Note
Starting the heapdump on policy director (LB) will have an impact on performance.

TCPDUMP Command

tcpdump -i any -s 0 port XXXX

where, XXXX is the port number you are interested in, RADIUS ports are used for default examples unless otherwise specified.

Options

To Specify Multiple Ports
To capture more than one port: 
tcpdump -i any -s 0 port 1812 or 1813
To capture a port range: 
tcpdump -i any -s 0 portrange 1812-1817
Combining both techniques: 
tcpdump -i any -s 0 portrange 1812-1817 or port 1700
Verbose Mode

tcpdump -i any -s 0 -v port XXXX

Even more Verbose Mode

tcpdump -i any -s 0 -vv port XXXX

Restrict to a Specific Interface, such as eth0

tcpdump -i eth0 -s 0 port XXXX

Redirect Output of the Command to a File

tcpdump -i any -s 0 port 1812 -w output.pcap

The resulting output.pcap file can be opened and utilized using such tools as WireShark.

More options

From a UNIX/Linux prompt, type man tcpdump.

Specific Traffic Types


Note

These examples assume that the default ports have not been changed or have been specified in Cisco Policy Builder. One must modify these examples to use the appropriate ports that have been specified in Cisco Policy Builder if the default/typical values have been changed.

Capture RADIUS Traffic

tcpdump -i any -s 0 port 1812 or 1813

Port 1812 is the default for Authorization traffic.

Port 1813 is the default for Accounting traffic.

Capture SNMP Traffic

tcpdump -i any -s 0 port 1161 or 1162 or 161 or 162


Note

This command works for both the sending and receiving machine; the port just needs to match the source or destination port.

Other Ports

The following information is the information format:

Host/VM name Port "Service/traffic type"

where XX is the numeric value of the given host, i.e. pcrfclient01.

pcrfclientXX 80 "Subversion"

pcrfclientXX 7070 "Policy Builder"

sessionmgrXX 27717 "Session Database"

sessionmgrXX 27718 "Quota/Balance Database"

sessionmgrXX 27719 "Reporting Database"

sessionmgrXX 27720 "USuM Database"

lbvipXX 80 "Subversion vip external"

lbvipXX 8080 "QNS/Unified API VIP"

lbvipXX 11211 "Memcache vip internal"

lbvipXX 7070 "Policy Builder VIP"

qnsXX 9091 "QNS admin port"

Was this Document Helpful?

FeedbackFeedback

Contact Cisco