• Tag : tcpdump


Forward TCPDump to Wireshark

Description: Using TCPDump on an Arista switch is an impressive feature and can help with troubleshooting, security concerns, and much more. But if you need to watch a packet capture live, using TCPDump can be tricky, since you can’t use display filters, trace a packet, or use the many other tools found in Wireshark. In this article, we will go over how to forward a live TCPDump session to a local host computer running Wireshark. Please refer to this article to learn the basics of TCPDump on an Arista switch: Using tcpdump for Troubleshooting. Platform Compatibility: All Arista...
Continue reading →

Open TCPdump capture in WireShark

Hello, I was wondering if it is possible to open a tcpdump capture file in Wireshark; renaming the file to ‘pcpap’ extension didn’t work – “The file isn’t a capture file in a format Wireshark understands.” Opening the file in notepad++ does not really provide me with the deep look into all the layers. The idea was to capture the packets when they leave the VTI interface [Type2] to verify encapsulation is properly done. tcpdump -i et20 > /mnt/flash/udp.capture tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on et1, link-type EN10MB (Ethernet), capture size 262144 bytes...
Continue reading →

TCPDUMP on an Arista switch and redirect or send output via email, SCP and TFTP

Sending TCPDUMP output to external servers. Objective: Perform tcpdump on the switch to help with troubleshooting control-plane traffic (e.g. STP, OSPF, BGP, NTP) directed to the CPU of the switch without impacting performance, then redirect the output to an email/tftp/ftp server. Prerequisites: Email server, SSH server, TFTP server, DNS resolution, Arista switch configured to send email (read all about it here). Email example. Security Considerations: Arista Networks EOS supports TLS and SMTP Authentication for email. It is important to understand that this provides security, but does not guarantee security end-to-end. For example, if you send an email from a switch with TLS...
Continue reading →

Using tcpdump for Troubleshooting

What is tcpdump? tcpdump is a command line packet sniffer (built into Linux) that is used to assist in troubleshooting network problems. Any traffic coming to or from the control plane of the Arista is visible when running the tcpdump utility on the Arista. This does not include data plane traffic transiting the Arista switch. For capturing data plane traffic, Arista supports monitoring/SPAN ports which copies hardware-forwarded traffic to a sniffer or to other suitable capture device for analysis. You can also mirror to the CPU depending on platform and EOS image (https://eos.arista.com/eos-4-24-0f/mirroring-to-cpu-on-7050-7060-7260-7368-7300-and-720xp-series/). How do I use tcpdump to...
Continue reading →
