topic Re: no more tcpdump in file with -w in Hyperscale Firewall (Maestro)

no more tcpdump in file with -w

Catalin_Ciubot2 — Thu, 16 Oct 2025 13:58:09 GMT

Hello,

I used to save the tcpdump in a file with the command below

g_tcpdump -nni <interface> host <x> and host <y> -s 65535 -w /var/tmp/file

This was before applying take 113 to R81.20

Now I see that is not exporting anymore the packets but when I ran

g_tcpdump -nni <interface> host <x> and host <y> -s 65535

I see the packets on console.

I don't see the problem here, could you help?

Thanks!

Re: no more tcpdump in file with -w

Lesley — Thu, 16 Oct 2025 13:32:22 GMT

[Expert@SG-s01-01:0]# gclish

[Global] SG-s01-01 > tcpdump -mcap -w /tmp/capture.cap

Capturing packets...

Write "stop" and press enter to stop the packets capture process.

1_01:

tcpdump: listening on eth1-Mgmt4, link-type EN10MB (Ethernet), capture size 96 bytes

Clarification about this output:
At this moment, an administrator pressed the CTRL+C keys

stop

Received user request to stop the packets capture process.

Copying captured packets from all SGMs...

Merging captured packets from SGMs to /tmp/capture.cap...

Done.

[Global] SG-s01-01>

Re: no more tcpdump in file with -w

Catalin_Ciubot2 — Thu, 16 Oct 2025 13:43:49 GMT

Thanks, but I have to capture on a specific interface with a filter, to avoid too many packets, and maybe performance load.

Re: no more tcpdump in file with -w

Lesley — Thu, 16 Oct 2025 14:00:41 GMT

add -i flag all tcpdump Linux flags work here

Re: no more tcpdump in file with -w

Catalin_Ciubot2 — Thu, 16 Oct 2025 14:19:54 GMT

Once I add

-w /var/tmp/file

to the command, is creating an empty file 1 KB.

I repeat, without sending the output to file, the command is working.

For me this looks like another bug.

Re: no more tcpdump in file with -w

Lesley — Thu, 16 Oct 2025 14:27:01 GMT

MyChassis-ch01-01 > tcpdump -mcap -w /tmp/capture.cap -nnni eth1-Mgmt4

Re: no more tcpdump in file with -w

emmap — Thu, 16 Oct 2025 15:59:17 GMT

Check on all your SGMs for the /var/tmp/file output file.

Re: no more tcpdump in file with -w

the_rock — Thu, 16 Oct 2025 21:18:54 GMT

Worked fine for me last time I tried on R81.20 and R82.

Re: no more tcpdump in file with -w

Catalin_Ciubot2 — Fri, 17 Oct 2025 08:43:04 GMT

We are using SMO (Single Management Object). I'm pretty sure that I was using that syntax, I mentioned previously.

Now, I discover that is the one below.

g_tcpdump -mcap -w /var/tmp/testp.pcap -nni bond1.200 host x and host y

Why syntax changed?

Re: no more tcpdump in file with -w

emmap — Mon, 20 Oct 2025 01:50:15 GMT

As far as I am aware it's always needed the mcap flag to merge the output files. It's in the R80.20SP admin guide at least.

Re: no more tcpdump in file with -w

Hauke — Mon, 20 Oct 2025 09:14:57 GMT

Same issue!