ISILON - How To Run Tcpdump in Compliance Mode On Multiple Interfaces Across All Nodes - Dell US


21/07/2022 13:31 ISILON: How To Run Tcpdump In Compliance Mode On Multiple Interfaces Across All Nodes? | Dell US

Article Number: 000019451

ISILON: How To Run Tcpdump In Compliance Mode On Multiple Interfaces Across All Nodes?
Summary:
Compliance mode requires slight changes to Support's usual tcpdump commands.

Article Content

Instructions

1. Create a folder to save the packet captures.

    mkdir -p /ifs/data/tcpdump/$(date +%F)

    # Writes to Isilon_Support are protected, use /ifs/data/tcpdump/ instead.

2. Start the capture.

    sudo isi_for_array 'for iface in `ifconfig | grep -B2 ether | grep flags | grep -v ISIINTERNAL | cut -d ":" -f1`; do echo `hostname`; sudo tcpdump -i $iface -s1000 -w /ifs/data/tcpdump/$(date +%F)/`hostname`_"$iface"_$(date +%F_%H%M%S).pcap &; done'

# Press Ctrl+C to return to the shell prompt after all tcpdumps have started.

# See the notes for expected output. (There are a number of errors that don't affect the capture)

3. Verify that the capture is running.

    sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"

4. Reproduce the issue.


5. Stop the capture and verify that it stopped on all nodes.

    sudo isi_for_array "sudo killall tcpdump"

    sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"

# See notes for expected output

6. Upload the captures with a logset.

    sudo isi_gather_info -f /ifs/data/tcpdump/$(date +%F)

Additional Information

When running the capture it is possible to see a number of errors about "do" unexpected; these can be ignored.

The following shows a successful capture start:


    Isilon-1% sudo isi_for_array 'for iface in `ifconfig | grep -B2 ether | grep flags | grep -v ISIINTERNAL | cut -d ":" -f1`; do echo `hostname`; sudo tcpdump -i $iface -s1000 -w /ifs/data/tcpdump/$(date +%F)/`hostname`_"$iface"_$(date +%F_%H%M%S).pcap &; done'
    Syntax error: "do" unexpected
    Syntax error: "do" unexpected
    Syntax error: "do" unexpected
    Isilon-1: Isilon-1
    Isilon-3: Isilon-3
    Isilon-1: Isilon-1
    Isilon-2: Isilon-2
    Isilon-1: tcpdump: WARNING: unable to contact casperd
    Isilon-1: tcpdump: WARNING: em2: no IPv4 address assigned
    Isilon-1: tcpdump: WARNING: unable to contact casperd
    Isilon-1: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1000 bytes
    Isilon-1: tcpdump: listening on em2, link-type EN10MB (Ethernet), capture size 1000 bytes
    Isilon-3: Isilon-3
    Isilon-3: tcpdump: WARNING: em1: no IPv4 address assigned
    Isilon-3: tcpdump: WARNING: unable to contact casperd
    Isilon-3: tcpdump: WARNING: em2: no IPv4 address assigned
    Isilon-3: tcpdump: WARNING: unable to contact casperd
    Isilon-3: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1000 bytes
    Isilon-3: tcpdump: listening on em2, link-type EN10MB (Ethernet), capture size 1000 bytes
    Isilon-2: Isilon-2
    Isilon-2: tcpdump: WARNING: em2: no IPv4 address assigned
    Isilon-2: tcpdump: WARNING: unable to contact casperd
    Isilon-2: tcpdump: WARNING: em1: no IPv4 address assigned
    Isilon-2: tcpdump: WARNING: unable to contact casperd
    Isilon-2: tcpdump: listening on em2, link-type EN10MB (Ethernet), capture size 1000 bytes
    Isilon-2: tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1000 bytes
    # Pressed Ctrl+C to return to shell
    Isilon-1%

When checking running processes, expect to see something like the following:

    Isilon-1% sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"
    Isilon-3: root 71317 0.0 0.3 90240 6188 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
    Isilon-3: root 71322 0.0 0.3 90240 6188 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
    Isilon-3: root 71323 0.0 0.4 70236 7816 - SN 3:25PM 0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
    Isilon-3: root 71324 0.0 0.4 70236 7820 - SN 3:25PM 0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-3_2018-09-14_152532.pcap
    Isilon-1: root 76007 0.0 0.3 89984 6088 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
    Isilon-1: root 76012 0.0 0.3 89984 6088 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
    Isilon-1: root 76013 0.0 0.4 70236 7736 - SN 3:25PM 0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
    Isilon-1: root 76014 0.0 0.4 70236 7736 - SN 3:25PM 0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_2018-09-14_152532.pcap
    Isilon-2: root 51721 0.0 0.3 90240 6180 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap
    Isilon-2: root 51726 0.0 0.3 90240 6180 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap
    Isilon-2: root 51727 0.0 0.4 70236 7752 - SN 3:25PM 0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap
    Isilon-2: root 51728 0.0 0.4 70236 7752 - SN 3:25PM 0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_2018-09-14_152532.pcap

After killing tcpdump, expect to see the following:

    Isilon-1% sudo isi_for_array "ps -auwwxx | grep tcpdump | grep -v grep"
    Isilon-2 exited with status 1
    Isilon-1 exited with status 1
    Isilon-3 exited with status 1
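
The checks in steps 3 and 5 can be scripted. The following is an added example, not part of the Dell article: it reads the isi_for_array ps output and lists every node/interface pair that has no running tcpdump, ignoring the sudo wrapper processes. The function names are hypothetical, and the sample lines and node/interface lists are constructed to match the output format shown above.

```shell
#!/bin/sh
# Added example: check the step 3 / step 5 output per node and interface.

# Constructed sample in the format shown above: Isilon-2 has only a sudo
# wrapper for em2, and Isilon-3 has no tcpdump at all (no grep match, which
# isi_for_array reports as "exited with status 1").
sample_ps_output() {
    cat <<'EOF'
Isilon-1: root 76007 0.0 0.3 89984 6088 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_em1_2018-09-14_152532.pcap
Isilon-1: root 76013 0.0 0.4 70236 7736 - SN 3:25PM 0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_em1_2018-09-14_152532.pcap
Isilon-1: root 76014 0.0 0.4 70236 7736 - SN 3:25PM 0:00.02 tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-1_em2_2018-09-14_152532.pcap
Isilon-2: root 51721 0.0 0.3 90240 6180 - SN@ 3:25PM 0:00.01 sudo tcpdump -i em2 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_em2_2018-09-14_152532.pcap
Isilon-2: root 51728 0.0 0.4 70236 7752 - SN 3:25PM 0:00.02 tcpdump -i em1 -s1000 -w /ifs/data/tcpdump/2018-09-14/Isilon-2_em1_2018-09-14_152532.pcap
Isilon-3 exited with status 1
EOF
}

# capture_summary: read the prefixed ps lines on stdin and print one
# "node iface" line per real tcpdump process (sudo wrappers are skipped).
capture_summary() {
    awk '
    {
        node = $1; sub(/:$/, "", node)
        for (i = 2; i <= NF; i++) {
            if ($i != "tcpdump") continue
            if ($(i - 1) == "sudo") break      # wrapper, not the capture itself
            for (j = i + 1; j < NF; j++)
                if ($j == "-i") { print node, $(j + 1); break }
            break
        }
    }' | sort -u
}

# missing_captures "<nodes>" "<ifaces>": read the same output on stdin and
# print every expected "node iface" pair that has no running tcpdump.
missing_captures() {
    running=$(capture_summary)
    for n in $1; do
        for f in $2; do
            printf '%s\n' "$running" | grep -Fqx -- "$n $f" || echo "$n $f"
        done
    done
}

# Demonstration on the constructed sample.
sample_ps_output | missing_captures "Isilon-1 Isilon-2 Isilon-3" "em1 em2"
```

On a cluster, pipe the step 3 command into missing_captures with the real node and interface names; empty output means every expected capture is running. After step 5, an empty capture_summary means no tcpdump is left on any node.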

Article Properties


Affected Product: Isilon

Product: Isilon

Last Published Date: 20 Nov 2020

Version: 2

Article Type: How To
