
How to use tcpdump to capture data destined for vm-host in the Cisco ACI?

box2168
Cisco Employee


I'm troubleshooting an application issue and would like to know whether the request from the client is reaching the vm-host. For that I'm trying to use tcpdump on the Leaf.

Could you help us to know how to capture traffic for a vm-host in the ACI? I tried the following, but it failed. It seems that tcpdump cannot capture the data for a tunnel interface.

Here's what I did in two steps:

Step 1: Based on the vm-host's IP address (192.168.0.10), find out the leaf switch from the APIC
    EP Tracker: 1181-1182, vPC:ucs01-B-ifPolGrp  Tenant: red    Application: Apple    EPG:Ball2019    IP:192.168.0.10


Step 2: Based on the above info, I know the vm-host with 192.168.0.10 is connected to Leaf 1181 & 1182 using vPC. I'm trying to find out which "Interface" is connected to the vm-host.

Leaf1181#  show system internal epm endpoint ip 192.168.0.10
      MAC : 0050.56cc.5edf ::: Num IPs : 1
      IP# 0 : 192.168.0.10 ::: IP# 0 flags :
      Vlan id : 679 ::: Vlan vnid : 8945689 ::: VRF name : common:Internal-vrf
      BD vnid : 15630221 ::: VRF vnid : 2588672
      Phy If : 0 ::: Tunnel If : 0x18010178
      Interface : Tunnel376 ---------------------------------------> Interface is Tunnel376
      Flags : 0x80004c05 ::: sclass : 49503 ::: Ref count : 5
      EP Create Timestamp : 12/19/2019 09:10:15.670315
      EP Update Timestamp : 01/13/2020 14:39:59.201569
      EP Flags : local|vPC|IP|MAC|sclass|timer|
      ::::

Leaf1181#  tcpdump -i Tunnel376 -f port 7000 -vv
       tcpdump: Tunnel376: No such device exists ----> failed, it sounds like tcpdump doesn't support the "Tunnel" interface
      (SIOCGIFHWADDR: No such device)

Accepted Solution

Timothy Rothenberg
Cisco Employee

tcpdump cannot capture traffic forwarded in hardware.  Embedded Logic Analyzer Module (ELAM) can be used to capture a single packet, or you can SPAN the traffic somewhere to be analyzed.
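
Added example, not part of the original thread: a small Python parser for the `show system internal epm endpoint` record quoted in the question, which pulls out the MAC, IP, interface and EP flags so the same lookup can be scripted against each vPC peer. The function names are made up for illustration, and the field layout is assumed from the single record shown above.

```python
import re

# Endpoint record copied from the question above (the poster's arrow
# annotation on the Interface line is left out).
SAMPLE = """\
      MAC : 0050.56cc.5edf ::: Num IPs : 1
      IP# 0 : 192.168.0.10 ::: IP# 0 flags :
      Vlan id : 679 ::: Vlan vnid : 8945689 ::: VRF name : common:Internal-vrf
      BD vnid : 15630221 ::: VRF vnid : 2588672
      Phy If : 0 ::: Tunnel If : 0x18010178
      Interface : Tunnel376
      Flags : 0x80004c05 ::: sclass : 49503 ::: Ref count : 5
      EP Create Timestamp : 12/19/2019 09:10:15.670315
      EP Update Timestamp : 01/13/2020 14:39:59.201569
      EP Flags : local|vPC|IP|MAC|sclass|timer|
      ::::
"""


def parse_epm_endpoint(text):
    """Split 'key : value ::: key : value' lines into a dict of strings."""
    fields = {}
    for line in text.splitlines():
        for pair in line.split(":::"):
            # Split on the first " :" only, so values that contain colons
            # (VRF name, timestamps) stay intact.
            key, sep, value = pair.partition(" :")
            if sep and key.strip():
                fields[key.strip()] = value.strip()
    return fields


def attachment(fields):
    """Summarise where the leaf has learned the endpoint (hypothetical helper)."""
    iface = fields.get("Interface", "")
    return {
        "mac": fields.get("MAC"),
        "ips": [v for k, v in fields.items() if re.fullmatch(r"IP# \d+", k)],
        "interface": iface,
        "is_tunnel": iface.startswith("Tunnel"),
        "flags": [f for f in fields.get("EP Flags", "").split("|") if f],
    }


if __name__ == "__main__":
    print(attachment(parse_epm_endpoint(SAMPLE)))
```
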
