
How to TCPDUMP on vEdge prior to vManage?

BRIAN SEKLECKI
Level 1

Since SU and SUDO are restricted in vEdge, and 'request execute' doesn't run as root, how can I capture Ethernet frames on an interface prior to vManage?

 

oh-god-please-help-me-make-it-stop# request execute vpn 0 tcpdump -i ge2_0
tcpdump: ge2_0: You don't have permission to capture on that device
(socket: Operation not permitted)

 

I understand you can do this in vManage once the BFDs are up, but I'm talking about investigating WAN circuits with possible VLAN tagging problems caused by MEF carriers during WAN Turn-Up

 


Accepted Solutions

daniel.dib
Level 7

You don't need the request command to run tcpdump. You can run it with just tcpdump directly from the CLI.

 

https://sdwan-docs.cisco.com/Product_Documentation/Command_Reference/Command_Reference/Operational_Commands/tcpdump

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.


5 Replies


That's great news. In what version was that added?

 

Thanks for being responsive! 

To answer my own question: 14.1.x but 16.3.x appears to be when it was standardized

 

Command History

Release   Modification
14.1      Command introduced.
16.3      Updated the command options.

All: As of some version of 18.x (18.3.5, 18.4.302), tcpdump started being run with the -p flag.

This definitely wasn't the case on 17.2.8 or 16.2.10.

That basically makes it useless for 90% of WAN troubleshooting scenarios.

 

Is this a mistake that got left in during a debug build? Any way to work around it?
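For context on the -p complaint above, an added example (not part of the thread and not Cisco code): tcpdump's -p option leaves the interface out of promiscuous mode, so frames not addressed to the interface never reach the capture. The sketch decodes the 802.1Q/802.1ad tag stack of constructed frames and marks which ones a non-promiscuous capture would still show; the MAC addresses, VLAN IDs and the simplified receive filter are assumptions.

```python
import struct

# TPIDs that introduce a VLAN tag: customer tag and provider (Q-in-Q) service tag.
TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}
BROADCAST = b"\xff" * 6

def parse_frame(frame):
    """Return (dst, src, tags, ethertype); tags is a list of (kind, vid, pcp)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    off, tags = 12, []
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in TPIDS:  # walk the tag stack, outermost tag first
        if len(frame) < off + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((TPIDS[etype], tci & 0x0FFF, tci >> 13))
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    return frame[0:6].hex(":"), frame[6:12].hex(":"), tags, etype

def seen_without_promisc(frame, if_mac):
    """Simplified receive filter for -p: own unicast or broadcast only.
    Multicast group filters are not modelled (assumption of this sketch)."""
    return frame[0:6] in (if_mac, BROADCAST)

def build(dst, src, tags, etype):
    # Construct a padded test frame; tags are (tpid, vid, pcp) tuples.
    hdr = dst + src
    for tpid, vid, pcp in tags:
        hdr += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return hdr + struct.pack("!H", etype) + b"\x00" * 46

# Constructed sample data, not captured from any device.
IF_MAC = bytes.fromhex("020000000001")   # hypothetical WAN interface MAC
PEER = bytes.fromhex("020000000002")
OTHER = bytes.fromhex("020000000009")    # a MAC the interface does not own
SAMPLES = [
    build(IF_MAC, PEER, [], 0x0800),                     # untagged, addressed to us
    build(OTHER, PEER, [(0x8100, 100, 0)], 0x0800),      # tagged, not addressed to us
    build(BROADCAST, PEER, [(0x88A8, 200, 5), (0x8100, 100, 0)], 0x0806),  # Q-in-Q ARP
]

def report(frames, if_mac=IF_MAC):
    """One row per frame: (dst, tag stack, ethertype, visible with -p)."""
    return [(d, t, hex(e), seen_without_promisc(f, if_mac))
            for f in frames for d, _s, t, e in [parse_frame(f)]]

if __name__ == "__main__":
    print(*report(SAMPLES), sep="\n")
```

The second sample frame is the kind of traffic a -p capture hides: it is on the wire with a VLAN tag, but its destination MAC is not the interface's own.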
