09-21-2022 11:34 AM
Hello Cisco world,
I'm currently troubleshooting a problem where I want to see if specific packets (e.g. ICMP) are entering and/or leaving specific switch ports.
I used tcpdump (bash-4.2# tcpdump -i Eth1-2) via bash-shell, but all I see are rapid spanning tree control packets. I don't see any data packets. I tested it on trunk and access ports. I'm sure that the packets are switched via these ports, but I can't see them in tcpdump output.
Do you have any idea if I'm doing something wrong, or is there a known bug or limitation?
Tested on C93108TC-FX and C92348GC-X with nxos 10.1.1
Thanks in advance
09-21-2022 04:14 PM
Can you check whether you are using the right interface?
#ifconfig Eth1-2
#tcpdump -A -i Eth1-2 (check with this command)
09-22-2022 02:18 AM
Yes, I'm sure that I used the correct interface. I also compared MAC address displayed via "sh int eth1/2" (IOS) and ifconfig Eth1-2 (bash). It's the correct interface, but all I see is Rapid STP Traffic.
Might there be some limitation that Tcpdump on Nexus only shows Control-Traffic and maybe routed packets via TCPDump? But no switched traffic?
09-22-2022 03:16 AM
Is this a layer2 interface or a layer3 interface? Can you post ifconfig eth1-2 to look?
09-22-2022 06:56 AM
Hi Tony!
Both the Ethanalyzer capture tool and tcpdump/tshark in the Bash shell of NX-OS devices only support capturing control plane traffic. Data plane traffic (both routed and switched) will not be captured by either Ethanalyzer or tcpdump/tshark.
If you are interested in capturing data plane traffic for troubleshooting purposes on Cisco Cloud Scale-based Nexus switches (which both the N9K-C93108TC-FX and N9K-C92348GC-X are), you may be interested in the SPAN-to-CPU or ELAM features.
I hope this helps - thank you!
-Christopher