cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

VSX tcpdump causes reboot

Appliance: 23800

Version R80.10 Jumbo Hotfix 56

Recently learned the hard way that running tcpdump causes the system to reboot - happened multiple times.  At first we thought it was because we ran it without a filter so it overwhelmed the box, however, even with a filter after about a minute the box fails over.

Wondering if anyone has run into this??

P.S. Yes I've opened a case just reaching out to the general public see if anyone has experienced anything similar.  This is impacting a very large deployment.

--Juan

0 Kudos
4 Replies
XBensemhoun
Silver

Re: VSX tcpdump causes reboot

Did you tried tcpdump on root context or on the desired one?

Did you tried fw monitor?

0 Kudos

Re: VSX tcpdump causes reboot

The fw monitor works without issue – with tcpdump doesn’t matter what context you run it from, after a minute or so the box reboots – no messaging or anything it’s rebooting your session just hangs.

--Juan

0 Kudos
XBensemhoun
Silver

Re: VSX tcpdump causes reboot

OK ; weird Smiley Sad

I do not have the answer but I can surely recommend you to use fw monitor instead of tcpdump.

Note (if needed) that you can also export fw monitor trace files in Wireshark (refer to How to configure Wireshark for analysis of FW Monitor captures )

Also if needed: check What is FW Monitor? 

0 Kudos

Re: VSX tcpdump causes reboot

tcpdump is useful in some scenarios as it captures traffic before the firewall kernel.

Thanks,

Juan Concepcion

0 Kudos