cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3535
Views
5
Helpful
5
Replies

How to TCPDUMP on vEdge prior to vManage?

BRIAN SEKLECKI
Beginner
Beginner

Since SU and SUDO are restricted in vEdge, and 'request execute' doesn't run as root, how can I capture Ethernet frames on an interface prior to vManage?

 

oh-god-please-help-me-make-it-stop# request execute vpn 0 tcpdump -i ge2_0
tcpdump: ge2_0: You don't have permission to capture on that device
(socket: Operation not permitted)

 

I understand you can do this in vManage once the BFDs are up, but I'm talking about investigating WAN circuits with possible VLAN tagging problems caused by MEF carriers during WAN Turn-Up

 

1 ACCEPTED SOLUTION

Accepted Solutions

daniel.dib
Rising star
Rising star

You don't need the request command to run tcpdump. You can run it with just tcpdump directly from the CLI.

 

https://sdwan-docs.cisco.com/Product_Documentation/Command_Reference/Command_Reference/Operational_Commands/tcpdump

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

View solution in original post

5 REPLIES 5

daniel.dib
Rising star
Rising star

You don't need the request command to run tcpdump. You can run it with just tcpdump directly from the CLI.

 

https://sdwan-docs.cisco.com/Product_Documentation/Command_Reference/Command_Reference/Operational_Commands/tcpdump

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

That's great news.   In what version was that added?

 

Thanks for being responsive! 

To answer my own question: 14.1.x but 16.3.x appears to be when it was standardized

 

Command History

 Release Modification
14.1

Command introduced.

16.3

Updated the command options.

All: As of some version of 18.x. (18.3.5, 18.4.302.), tcpdump started being run with the -p flag.

This definitely wasn't the case on 17.2.8 or 16.2.10.

That basically makes it useless for 90% of WAN troubleshooting scenarios.

 

Is this a mistake that got left in during a debug build? Any way to work around it?

All: As of some version of 18.x. (18.3.5, 18.4.302.), tcpdump started being run with the -p flag.

This definitely wasn't the case on 17.2.8 or 16.2.10.

That basically makes it useless for 90% of WAN troubleshooting scenarios.

 

Is this a mistake that got left in during a debug build? Any way to work around it?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: