Traffic Capture on Tier-0 Gateway Uplink

Mar 01, 2023

This post walks you through the steps needed to capture the incoming and outgoing traffic at the Tier0 gateway uplink level. The result is a PCAP file that can be imported into a packet analyzer such as Wireshark for further troubleshooting and analysis.

Step 1: Collect ID of the Tier0 Uplink Interface

First you have to SSH to the NSX-T edge node running the active SR using admin credentials, then switch the context to the VRF corresponding to the Tier0 SR.

Now that you are in the right context, you need to identify the ID of the Tier0 SR uplink interface.

The Tier0 SR uplink interface ID: 684b9ba1-c298-41cd-976f-8d5f91cabe4f

This is the interface where you will capture the incoming & outgoing traffic.

 

Step 2: Define and Start Capture Session

Next you need to define a new capture session, specifying the interface (the ID that we collected in step 1) and the direction of traffic that you want to trace (dual means both incoming and outgoing traffic). Note that before running the command below, you have to exit the VRF mode:

 

Let’s start the capture session now by capturing 50 packets and saving them into a PCAP file:

The capture is done successfully. Let’s delete the capture session and make sure no capture sessions are running on the NSX-T edge node.

 

To check the current running capture sessions:

Let’s delete the capture session “1” that we created.

 

Step 3: Copy the PCAP file and analyze it

By default, the generated PCAP file will be stored in the following directory on the NSX-T edge node:

You can use WinSCP to connect to the edge node and copy the .pcap file to your machine.

Finally, you can open the PCAP file using Wireshark and analyze it.
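As a complement to Step 3, the following added example (not part of the original post) checks a copied capture before it is opened in Wireshark: it confirms the file was not cut short during the copy, counts the packets (50 in the session above), and tallies IPv4 conversations. It assumes the edge node wrote a classic libpcap file with Ethernet framing; the sample capture and its addresses are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic libpcap magic as stored on disk -> struct byte-order prefix
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def ipv4_flow(frame):
    """Return (src, dst, protocol) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    off, (etype,) = 14, struct.unpack("!H", frame[12:14])
    if etype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q VLAN tag
        off, (etype,) = 18, struct.unpack("!H", frame[16:18])
    if etype != 0x0800 or len(frame) < off + 20:
        return None
    ip = frame[off:off + 20]
    return str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20])), ip[9]

def summarize_pcap(data):
    """Walk every record; report packet count, truncation and IPv4 flows."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng, or incomplete copy?)")
    bo = MAGICS[data[:4]]
    linktype = struct.unpack(bo + "I", data[20:24])[0]
    pos, count, truncated, flows = 24, 0, False, Counter()
    while pos < len(data):
        hdr = data[pos:pos + 16]                  # per-packet record header
        incl_len = struct.unpack(bo + "I", hdr[8:12])[0] if len(hdr) == 16 else 0
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(hdr) < 16 or len(frame) < incl_len:
            truncated = True                      # file ends mid-record
            break
        count += 1
        pos += 16 + incl_len
        flow = ipv4_flow(frame) if linktype == 1 else None   # 1 = Ethernet
        if flow:
            flows[flow] += 1
    return {"packets": count, "truncated": truncated, "flows": flows}

def build_sample(n=3, vlan=False):
    """Constructed capture: n identical IPv4 frames between two made-up hosts."""
    eth = b"\x00" * 12 + (b"\x81\x00\x00\x64" if vlan else b"") + b"\x08\x00"
    ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 1, 0, 0, 192, 0, 2, 1, 198, 51, 100, 7])
    rec = struct.pack("<IIII", 0, 0, len(eth + ip), len(eth + ip)) + eth + ip
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + rec * n
```

To check a real capture, pass the bytes of the copied file (`open(path, "rb").read()`) to `summarize_pcap` and compare `packets` with the count requested in Step 2.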

