Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
starmen2000
Collaborator
Collaborator
Jump to solution

VSX Tcpdump Problem

Hi mates,

 

When we run tcpdump / cppcap on VSX gateway, we are able to see only ARP request and reply packets. Normally thorugh vsx the whole traffic is going through. in this case when we specify the interface on tcpdump syntax, still we see only arp packets. Anyone has idea?

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend

This is a quote from my Max Capture: Know Your Packets self-guided video series:

If trying to capture traffic on a Wrp interface in a VSX environment, or on vSEC for NSX-V, fw monitor must be used to
ensure a complete capture. See sk167462: Tcpdump / CPpcap do not show incoming packets on Virtual Switch's Wrp
interface and sk116796: ' tcpdump ' utility does not capture the specified traffic on vSEC for NSX / vSEC Virtual ...
Hypervisor Mode.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What version/JHF?
What precise syntax are you using?
Can you see the traffic with fw monitor or through other means?

0 Kudos
starmen2000
Collaborator
Collaborator

R81 / Take 68

tcpdump -nni any 

tcpdump -nni bond2.776 and host x.y.z.t

 

With fw monitor I can not see the traffic if I specify destination IP

0 Kudos
Timothy_Hall
Legend Legend
Legend

This is a quote from my Max Capture: Know Your Packets self-guided video series:

If trying to capture traffic on a Wrp interface in a VSX environment, or on vSEC for NSX-V, fw monitor must be used to
ensure a complete capture. See sk167462: Tcpdump / CPpcap do not show incoming packets on Virtual Switch's Wrp
interface and sk116796: ' tcpdump ' utility does not capture the specified traffic on vSEC for NSX / vSEC Virtual ...
Hypervisor Mode.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events