cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1357
Views
5
Helpful
1
Replies
Highlighted
Cisco Employee

How to use tcpdump to capture data destined for vm-host in the Cisco ACI ?


I'm troubleshooting application issue and would like to know whether the request from client is reaching the vm-host for that I'm trying to use tcpdump on the Leaf.    

Could you help us to know how to capture traffic for a vm-Host in the ACI?   I tried as following, but failed.  It seems that tcpdump cannot capture the data for a tunnel interface.

 Here's what I did in two steps:

Step1:  Based on the vm-host's ip address(192.168.0.10), find out the leaf switch from APIC
    EP Tracker: 1181-1182, vPC:ucs01-B-ifPolGrp  Tenant: red    Appliction: Apple    EPG:Ball2019    IP:192.168.0.10


Step2:  Based on the above info., I know the the vm-host with 192.168.0.10 is connecting to Leaf 1181 & 1182 by using VPC.  I'm trying to find out which "Interface" is connected to the vM-host

Leaf1181#  show system internal epm endpoint ip 192.168.0.10
      MAC : 0050.56cc.5edf ::: Num IPs : 1
      IP# 0 : 192.168.0.10 ::: IP# 0 flags :
      Vlan id : 679 ::: Vlan vnid : 8945689 ::: VRF name : common:Internal-vrf
      BD vnid : 15630221 ::: VRF vnid : 2588672
      Phy If : 0 ::: Tunnel If : 0x18010178
      Interface : Tunnel376 --------------------------------------->Infterce is Tunnel376
      Flags : 0x80004c05 ::: sclass : 49503 ::: Ref count : 5
      EP Create Timestamp : 12/19/2019 09:10:15.670315
      EP Update Timestamp : 01/13/2020 14:39:59.201569
      EP Flags : local|vPC|IP|MAC|sclass|timer|
      ::::

Leaf1181#  tcpdump -i Tunnel376 -f port 7000 -vv
       tcpdump: Tunnel376: No such device exists ----> failed, it sounds the tcpdump doesn't support the "Tunnel" interface
      (SIOCGIFHWADDR: No such device)

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

tcpdump cannot capture traffic forwarded in hardware.  Embedded Logic Analyzer Module (ELAM) can be used to capture a single packet, or you can SPAN the traffic somewhere to be analyzed.

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

tcpdump cannot capture traffic forwarded in hardware.  Embedded Logic Analyzer Module (ELAM) can be used to capture a single packet, or you can SPAN the traffic somewhere to be analyzed.

View solution in original post

Content for Community-Ad