How to enable tcpdump on APIC to capture snmp and syslogs traffic

dseth
Level 1

Hello,

How can we enable tcpdump on the APIC or a leaf to check whether SNMP and syslog traffic is passing from the ACI fabric?

Thanks,

Sufiyan

4 Replies

Hi @dseth,

This kind of packet capture can be done with the help of Cisco TAC or Cisco Professional Services, since root access privilege is required in the Linux shell.

Regards.

Hello @Hector Gustavo Serrano Gutierrez, so is there any way we can check the traffic logs by ourselves?

stantiku
Cisco Employee

You can use tcpdump on leaf:

tcpdump -i eth0 -f port 514 (in case of default syslog port 514)

Ali Aghababaei
Level 1

Hi dseth,

SNMP trap generated by leaf on the oob interface

leaf1# tcpdump -i eth0 -f port 162

NTP packet received on inband

leaf1# tcpdump -x -X -vv -i kpm_inb "port 123"

Tcpdump on knet or tahoe interface

leaf2# tcpdump2 -i tahoe0 host 10.201.101.1

In Gen-2 hardware you can use tcpdump2, which is a script that decodes the internal header on top of tcpdump.

TCP dump on int kpm_inb on leaf to see if we get ARP (note we only see Rx ARP on this interface, not Tx)

leaf1# tcpdump -i kpm_inb arp

And so on.

I hope you will find it helpful.

Regards,

Ali