Re: VSX tcpdump causes reboot

Juan_Concepcion · ‎2018-05-08

Appliance: 23800

Version R80.10 Jumbo Hotfix 56

Recently learned the hard way that running tcpdump causes the system to reboot - happened multiple times. At first we thought it was because we ran it without a filter so it overwhelmed the box, however, even with a filter after about a minute the box fails over.

Wondering if anyone has run into this??

P.S. Yes I've opened a case just reaching out to the general public see if anyone has experienced anything similar. This is impacting a very large deployment.

--Juan

XavierBens · ‎2018-05-09

Did you tried tcpdump on root context or on the desired one?

Did you tried fw monitor?

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite

Juan_Concepcion · ‎2018-05-09

The fw monitor works without issue – with tcpdump doesn’t matter what context you run it from, after a minute or so the box reboots – no messaging or anything it’s rebooting your session just hangs.

--Juan

XavierBens · ‎2018-05-09

OK ; weird

I do not have the answer but I can surely recommend you to use fw monitor instead of tcpdump.

Note (if needed) that you can also export fw monitor trace files in Wireshark (refer to How to configure Wireshark for analysis of FW Monitor captures )

Also if needed: check What is FW Monitor?

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite

Juan_Concepcion · ‎2018-05-09

tcpdump is useful in some scenarios as it captures traffic before the firewall kernel.

Thanks,

Juan Concepcion

Are you a member of CheckMates?

VSX tcpdump causes reboot