Kaspersky SD-WAN

Running the tcpdump utility

17 April 2024

ID 272128

If you have previously run the tcpdump utility, a report file was generated with the captured traffic. When you run the utility again, that report file is overwritten. You can download the previous report file if you want to keep it.

The tcpdump utility puts additional load on the CPU of the CPE device.

To run the tcpdump utility:

  1. In the menu, go to the SD-WAN → CPE section.

    A table of CPE devices is displayed.

  2. Click the CPE device on which you want to run the tcpdump utility.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon. By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

  3. Select the Utilities → Tcpdump tab.

    The tcpdump utility settings are displayed.

  4. In the Capture interface drop-down list, select the previously created network interface on which you want to capture traffic.
  5. In the Direction drop-down list, select the direction of the traffic you want to capture:
    • in to capture incoming traffic.
    • out to capture outgoing traffic.
    • in/out to capture both incoming and outgoing traffic. This is the default value.
  6. If you want the CPE device to use the DNS server to resolve IP addresses to domain names when creating the report file with the captured traffic, select the Resolve DNS names check box. You can specify a DNS server when creating or editing a network interface. IP addresses that cannot be resolved to domain names are also reflected in the report file. This check box is cleared by default.
  7. If you want to use a filter to capture traffic, in the Capture expression (tcpdump filter format) field, enter the syntax of the filter. Maximum length: 1024 characters. For example, you can use the following filters:
    • icmp to capture only ICMP traffic packets.
    • host 1.2.3.4 and (port 80 or 443) to capture only traffic packets with IPv4 address 1.2.3.4 and source or destination TCP port 80 or 443.
    • tcp[13] & 2 != 0 to capture only TCP SYN traffic packets.

    Detailed information about traffic filters can be obtained from the official tcpdump documentation.

  8. In the Maximum capture time (sec.) field, enter the time in seconds after which you want traffic capture to stop. Range of values: 10 to 600. The default setting is 30.
  9. In the Max. captured packets field, enter the number of traffic packets that you want collected before traffic capture stops. Range of values: 1 to 10,000. The default setting is 1000.

    Traffic capturing stops when the time specified in the Maximum capture time (sec.) field passes, or when the number of traffic packets specified in the Max. captured packets field is captured.

  10. Click Run.

The tcpdump utility is run on the CPE device, and a report file with the captured traffic is generated.
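As an added example (not part of the Kaspersky documentation or product code), the following POSIX shell function builds the tcpdump command line that corresponds to the settings above and applies the same range limits the orchestrator enforces. It assumes a Linux tcpdump that supports the -Q direction option and the coreutils timeout command; the function and file names are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper: build (not run) a tcpdump command line equivalent to the
# orchestrator's Tcpdump tab settings. Assumes Linux tcpdump with -Q support and
# GNU coreutils `timeout` for the "Maximum capture time" limit.
# Usage: build_tcpdump_cmd IFACE DIRECTION RESOLVE(yes|no) FILTER MAX_SEC MAX_PKTS OUTFILE
build_tcpdump_cmd() {
  iface="$1"; direction="$2"; resolve="$3"; filter="$4"
  max_time="$5"; max_pkts="$6"; outfile="$7"

  # Direction drop-down -> tcpdump -Q value (in/out is the UI default)
  case "$direction" in
    in|out) q="$direction" ;;
    in/out|"") q="inout" ;;
    *) echo "unsupported direction: $direction" >&2; return 1 ;;
  esac

  # Same limits as the UI: 10..600 seconds, 1..10000 packets, filter <= 1024 chars
  [ "$max_time" -ge 10 ] && [ "$max_time" -le 600 ] \
    || { echo "capture time must be 10..600" >&2; return 1; }
  [ "$max_pkts" -ge 1 ] && [ "$max_pkts" -le 10000 ] \
    || { echo "packet count must be 1..10000" >&2; return 1; }
  [ ${#filter} -le 1024 ] || { echo "filter longer than 1024 chars" >&2; return 1; }

  # "Resolve DNS names" cleared -> -n (no name resolution); selected -> omit -n
  if [ "$resolve" = "yes" ]; then nflag=""; else nflag="-n "; fi

  # timeout enforces the time limit, -c the packet limit; the filter is quoted
  # so that characters such as [ ] & are not interpreted by the shell.
  printf "timeout %s tcpdump -i %s -Q %s %s-c %s -w %s '%s'\n" \
    "$max_time" "$iface" "$q" "$nflag" "$max_pkts" "$outfile" "$filter"
}
```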
