
tcpdump monitoring on Leaf switch

cooperb01
Level 1

Hi

Is it possible to use the tcpdump command that is available on the Leaf switch to monitor endpoint traffic?

Thanks

Ben

3 Replies

Tomas de Leon
Cisco Employee

Ben,

Thank you for using the Cisco Support Community.

The answer is Yes and No. You have to log in as the ROOT user to run tcpdump. Unfortunately, you have to contact the Cisco TAC to get ROOT access at this time. In the future, ROOT user access may be provided for your use.

Continue to watch the Release Notes on www.cisco.com for updates on future releases.

Thanks!


T.

Thanks. 

Joe LeBlanc
Cisco Employee

Hi cooperb01,

I'm not sure when it was introduced, but it looks like tcpdump is now available via the admin account.

leaf1# whoami
admin
leaf1# tcpdump -xxxei knet1 
tcpdump: WARNING: knet1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on knet1, link-type EN10MB (Ethernet), capture size 65535 bytes
19:38:56.264975 00:00:00:00:00:00 (oui Ethernet) > fc:05:01:01:00:00 (oui Unknown), 802.3, length 322: LLC, dsap Null (0x00) Group, ssap Null (0x00) Command, ctrl 0x0b00: Information, send seq 0, rcv seq 5, Flags [Poll], length 308
        0x0000:  fc05 0101 0000 0000 0000 0000 000e 0100
        0x0010:  000b 0b0b 0b0b 000b 0b0b 0b0b 0800 4510
        0x0020:  0124 a316 0000 4106 a94e 0a00 185f 0a00
        0x0030:  0001 0016 e4a5 eac5 367b 9e1c e8e4 8018
        0x0040:  00c2 ff3e 0000 0101 080a 5256 f9fa bf20

14 packets captured
15 packets received by filter
0 packets dropped by kernel

Thanks,

Joe
