Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
6395
Views
5
Helpful
4
Replies

How to enable tcpdump on APIC to capture snmp and syslogs traffic

dseth
Level 1
Level 1

‎10-11-2020 04:14 AM

Hello,

 

How we can enable tcpdump on APIC or leaf to check snmp and syslogs traffic is passing from ACI fabric.

 

Thanks,

Sufiyan

Labels:
0 Helpful
4 Replies 4

Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee

‎10-11-2020 05:30 AM

Hi @dseth,

For this kind of packet captures, it can be done with the help of Cisco TAC or Cisco Professional Services since root access privilege is required in the Linux shell.

Regards.

0 Helpful

dseth
Level 1
Level 1
In response to Hector Gustavo Serrano Gutierrez

‎10-12-2020 05:33 AM

Hello @Hector Gustavo Serrano Gutierrez  So is there any way we can check the traffic logs by our self. 

0 Helpful

stantiku
Cisco Employee
Cisco Employee

‎11-02-2020 12:02 AM

You can use tcpdump on leaf:

tcpdump -i eth0 -f port 514 (in case of default syslog port 514)

0 Helpful

Ali Aghababaei
Level 1
Level 1

‎11-06-2020 05:04 AM - edited ‎11-06-2020 05:46 AM

Hi dseth,

 

SNMP trap generated by leaf on the oob interface

 

Spoiler
leaf1# tcpdump -i eth0 -f port 162

NTP packet received on inband

 

Spoiler
leaf1# tcpdump -x -X -vv -i kpm_inb "port 123"

Tcpdump on knet or tahoe interface

Spoiler
leaf2# tcpdump2 -i tahoe0 host 10.201.101.1

In Gen-2 Hardware you can use tcpdump2 which is script decoding internal header on the top of tcpdump.

 

TCP dump on int kpm_inb on leaf to see if we get ARP (note we only see Rx ARP on this interface, not Tx)

Spoiler
leaf1# tcpdump -i kpm_inb arp

And so on.

 

I hope you will find it helpful.

Regards,

Ali

 

 

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License

Top