Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
tcpdump.sh
Function
The tcpdump.sh command is used to obtain network packet header information, excluding user sensitive data.
Parameters
Parameter |
Description |
Value |
|---|---|---|
| -i | Sets the listening network interface. For Kunpeng series storage devices, when data packets are sent via the front-end service network, the interface must be specified as "-i vrf-srv" or as a specific network interface name. | Network interface name. |
| -w | Sets a file to save the packets. | The value contains 1 to 80 ASCII characters including digits, letters, underscores (_), at sign (@), periods (.), and hyphens (-). |
| -c | Sets the number of network packets. | The value is an integer from 1 to 160000. |
| src | Sets the listening source address. | IP address. |
| dst | Sets the listening destination address. | IP address. |
| port | Sets the listening port. | Transport layer port number, ranging from 0 to 65535. |
| and | The filter conditions are "and" relationships that support SRC, DST, and port parameters. | - |
| or | The filter conditions are "or" relationships that support SRC, DST, and port parameters. | - |
| -k | Kills execution of background commands. | - |
| -h | Shows help information. | - |
| -a | Displays functions of each subcommand of the tcpdump module. | - |
Usage Guidelines
The "tcpdump.sh" command is executed for analyzing NAS problems and identifying network disconnection problems.
- If this command is used to obtain header information of network packets from a specified NFS port (port 2049, 2050, 2051, or 2052), the length of the obtained information is 86 bytes, including 14-byte MAC packet header, 20-byte IP packet header, 20-byte TCP packet header, and 32-byte basic description (type, length, status, and authentication information) of the NFS protocol layer.
- If this command is used to obtain header information of network packets from a specified CIFS port (port 135 or 445), the length of the obtained information is 122 bytes, including 14-byte MAC packet header, 20-byte IP packet header, 20-byte TCP packet header, and 68-byte basic description (command word type, message ID, session ID, and encrypted signature information) of the CIFS protocol layer.
- If this command is used to obtain header information of network packets with port unspecified or from a non-NFS or non-CIFS port, the length of the obtained information is 54 bytes, including 14-byte MAC packet header, 20-byte IP packet header, and 20-byte TCP packet header.
- You can store the obtained file to the "/OSM/coffer_log/log/tcpdump" directory that can be exported by specifying parameter "-w". You can obtain the value by accessing the directory through SFTP.
- This command can only be executed by a super administrator.
Example
-
Obtain the network packet header information.
Storage:minisystem>tcpdump.sh -i eth2 -c 5 src 8.46.7.157 and dst 8.46.23.146 -w test.cap Command will run in the background, and the result will be saved to /OSM/coffer_log/log/tcpdump/test.cap. tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 64 bytes Storage:minisystem>
-
Obtain the network packet header information. The result is a syntax error.
Storage:minisystem>tcpdump.sh -i eth2 -c 5 src 8.46.7.157 dst 8.46.23.146 tcpdump: syntax error Storage:minisystem>
-
Obtain header information about the data packets from the front-end service network (applicable to Kunpeng series).
Storage: minisystem> tcpdump.sh -i vrf-srv -c 5 -w test.cap Command will run in the background, and the result will be saved to /OSM/coffer_log/log/tcpdump/test.cap. tcpdump: listening on vrf-srv, link-type EN10MB (Ethernet), capture size 64 bytes
Previous
