NetApp AltaVault Cloud Integrated Storage Administration Guide 149
Beta Draft
Capturing and uploading TCP dumps Viewing reports and logs
Control: Custom Flags
Description: Specify custom flags as additional statements within the filter expression. Custom flags are added to the end of the expression created from the Endpoints fields and the Capture Parameters radio buttons (pertaining to VLANs).
If you require an “and” statement between the expression created from other fields and the expression that you are entering in the custom flags field, you must include the “and” statement at the start of the custom flags field.
Do not use host, src, or dst statements in the custom flags field. Although it is possible in trivial cases to get these to start without a syntax error, they do not capture GRE-encapsulated packets that some modes of AltaVault communications use, such as WCCP deployments or Interceptor connection-setup traffic. NetApp recommends using bidirectional filters by specifying endpoints.
For complete control of your filter expression, use the CLI tcpdump command. For details, see the NetApp AltaVault Cloud Integrated Storage Command-Line Interface Reference Guide.

Control: Schedule Dump
Description: Schedules the capture to run at a later date and time.
Start Date - Specify a date to initiate the capture, in this format: YYYY/MM/DD.
Start Time - Specify a time to initiate the capture, in this format: HH:MM:SS.

Control: Add
Description: Adds the capture request to the capture queue.

Troubleshooting
If your command results in a syntax error with an immediate or scheduled TCP dump, this message appears:
“Error in tcpdump command. See System Log for details.”
Review the system log to see the full tcpdump command attempt. Check the expression for issues such as a missing “and,” as well as contradictory instructions such as looking for VLAN-tagged traffic AND non-tagged traffic.

Custom flag use examples
The examples in this table focus on the custom flag entry but rely on other fields to create a complete filter.

Filter Purpose: To capture all traffic on VLAN 10 between two specified endpoints: 1.1.1.1 and 2.2.2.2
Custom Flag: and vlan 10

Filter Purpose: To capture any packet with a SYN or an ACK
Custom Flag: tcp[tcpflags] & (tcp-syn|tcp-ack) != 0

Filter Purpose: To capture any packet with a SYN
Custom Flag: tcp[tcpflags] & (tcp-syn) != 0
-or-
tcp[13] & 2 == 2

Filter Purpose: To capture any SYN to or from host 1.1.1.1
Custom Flag: and (tcp[tcpflags] & (tcp-syn) != 0)
-or-
and (tcp[13] & 2 == 2)
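
The SYN and ACK custom flags shown in the examples test bits in byte 13 of the TCP header. The Python sketch below is an added example, not part of the NetApp guide: it evaluates those three flag expressions against constructed TCP headers to show which segment types each one selects. The header builder, sample segments and function names are assumptions made for the illustration.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def tcp_header(flags, sport=40000, dport=443):
    """Build a constructed 20-byte TCP header (no options) carrying `flags`."""
    data_offset = 5 << 4  # byte 12: header length of five 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                       data_offset, flags, 65535, 0, 0)

def tcp_byte(header, index):
    """Equivalent of the filter accessor tcp[index]: one byte of the TCP header."""
    return header[index]

# The three flag expressions from the examples, evaluated the way the filter does.
# In filter syntax "&" binds tighter than "==" and "!=", as it does in Python.
FILTERS = {
    "tcp[tcpflags] & (tcp-syn|tcp-ack) != 0":
        lambda h: tcp_byte(h, 13) & (TCP_SYN | TCP_ACK) != 0,
    "tcp[tcpflags] & (tcp-syn) != 0":
        lambda h: tcp_byte(h, 13) & TCP_SYN != 0,
    "tcp[13] & 2 == 2":
        lambda h: tcp_byte(h, 13) & 2 == 2,
}

# Constructed sample segments: handshake, data transfer, teardown and reset.
SAMPLES = {
    "SYN": tcp_header(TCP_SYN),
    "SYN-ACK": tcp_header(TCP_SYN | TCP_ACK),
    "ACK": tcp_header(TCP_ACK),
    "PSH-ACK": tcp_header(TCP_PSH | TCP_ACK),
    "FIN-ACK": tcp_header(TCP_FIN | TCP_ACK),
    "RST": tcp_header(TCP_RST),
}

def matches(filter_text):
    """Return the names of the sample segments that the given expression selects."""
    return [name for name, hdr in SAMPLES.items() if FILTERS[filter_text](hdr)]

if __name__ == "__main__":
    for text in FILTERS:
        print(f"{text:42} -> {', '.join(matches(text))}")
```

Both SYN expressions also select the SYN-ACK reply, and the SYN-or-ACK expression selects nearly all segments after the initial SYN because they carry the ACK bit.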