tcpdump.sh
Function
Parameters
Parameter |
Description |
Value |
---|---|---|
-i | Sets the listening network interface. For Kunpeng series storage devices, when data packets are sent via the front-end service network, the interface must be specified as "-i vrf-srv" or as a specific network interface name. | Network interface name. |
-w | Sets a file to save the packets. | The value contains 1 to 80 ASCII characters including digits, letters, underscores (_), at sign (@), periods (.), and hyphens (-). |
-c | Sets the number of network packets. | The value is an integer from 1 to 160000. |
src | Sets the listening source address. | IP address. |
dst | Sets the listening destination address. | IP address. |
port | Sets the listening port. | Transport layer port number, ranging from 0 to 65535. |
and | The filter conditions are "and" relationships that support SRC, DST, and port parameters. | - |
or | The filter conditions are "or" relationships that support SRC, DST, and port parameters. | - |
-k | Kills execution of background commands. | - |
-h | Shows help information. | - |
-a | Displays functions of each subcommand of the tcpdump module. | - |
Usage Guidelines
The "tcpdump.sh" command is executed for analyzing NAS problems and identifying network disconnection problems.
- If this command is used to obtain header information of network packets from a specified NFS port (port 2049, 2050, 2051, or 2052), the length of the obtained information is 86 bytes, including 14-byte MAC packet header, 20-byte IP packet header, 20-byte TCP packet header, and 32-byte basic description (type, length, status, and authentication information) of the NFS protocol layer.
- If this command is used to obtain header information of network packets from a specified CIFS port (port 135 or 445), the length of the obtained information is 122 bytes, including 14-byte MAC packet header, 20-byte IP packet header, 20-byte TCP packet header, and 68-byte basic description (command word type, message ID, session ID, and encrypted signature information) of the CIFS protocol layer.
- If this command is used to obtain header information of network packets with port unspecified or from a non-NFS or non-CIFS port, the length of the obtained information is 54 bytes, including 14-byte MAC packet header, 20-byte IP packet header, and 20-byte TCP packet header.
- You can store the obtained file to the "/OSM/coffer_log/log/tcpdump" directory that can be exported by specifying parameter "-w". You can obtain the value by accessing the directory through SFTP.
- This command can only be executed by a super administrator.
Example
-
Obtain the network packet header information.
Storage:minisystem>tcpdump.sh -i eth2 -c 5 src 8.46.7.157 and dst 8.46.23.146 -w test.cap Command will run in the background, and the result will be saved to /OSM/coffer_log/log/tcpdump/test.cap. tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 64 bytes Storage:minisystem>
-
Obtain the network packet header information. The result is a syntax error.
Storage:minisystem>tcpdump.sh -i eth2 -c 5 src 8.46.7.157 dst 8.46.23.146 tcpdump: syntax error Storage:minisystem>
-
Obtain header information about the data packets from the front-end service network (applicable to Kunpeng series).
Storage: minisystem> tcpdump.sh -i vrf-srv -c 5 -w test.cap Command will run in the background, and the result will be saved to /OSM/coffer_log/log/tcpdump/test.cap. tcpdump: listening on vrf-srv, link-type EN10MB (Ethernet), capture size 64 bytes