Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3891
Views
0
Helpful
4
Replies

Nexus bash-shell tcpdump capture packets on switchport

Tony Rosolek
Level 1
Level 1

‎09-21-2022 11:34 AM

Hello Cisco world,

I'm currently troubleshooting a problem, where I want to see if specific packets (e.g. ICMP) are entering and/or leaving a specific switch ports. 

I used tcpdump (bash-4.2# tcpdump -i Eth1-2) via bash-shell, but all I see are rapid spanning tree control packets. I don't see any data packets. I tested it on trunk and access ports. I'm sure that the packets are switched via these ports, but I can't see them in tcpdump output.

Do you have any idea if I'm doing something wrong, or is there a known bug or limitation?

Tested on C93108TC-FX and C92348GC-X with nxos 10.1.1

Thanks in advance

||| Please rate helpful posts. Thanks! |||
Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎09-21-2022 04:14 PM

can you check are you using the right interface

#ifconfig Eth1-2

#tcpdump -A -i Eth1-2 (check with this command)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Tony Rosolek
Level 1
Level 1
In response to balaji.bandi

‎09-22-2022 02:18 AM

Yes, I'm sure that I used the correct interface. I also compared MAC address displayed via "sh int eth1/2" (IOS) and ifconfig Eth1-2 (bash). It's the correct interface, but all I see is Rapid STP Traffic. 

Might there be some limitation that Tcpdump on Nexus only shows Control-Traffic and maybe routed packets via TCPDump? But no switched traffic? 

||| Please rate helpful posts. Thanks! |||
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Tony Rosolek

‎09-22-2022 03:16 AM

is this layer2 intercace or layer3 interface, can you post ifconfig eth1-2 to look ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Christopher Hart
Cisco Employee
Cisco Employee

‎09-22-2022 06:56 AM

Hi Tony!

Both the Ethanalyzer capture tool and tcpdump/tshark in the Bash shell of NX-OS devices only support capturing control plane traffic. Data plane traffic (both routed and switched) will not be captured by either Ethanalyzer or tcpdump/tshark.

If you are interested in capturing data plane traffic for troubleshooting purposes on Cisco Cloud Scale-based Nexus switches (which both the N9K-C93108TC-FX and N9K-C92348GC-X are), you may be interested in the SPAN-to-CPU or ELAM features.

I hope this helps - thank you!

-Christopher

0 Helpful
Customers Also Viewed These Support Documents