The tcpdump utility generates a report with the captured traffic. When you run the tcpdump utility again, the report is overwritten. You can download the previous report if you want to keep it.
The tcpdump utility puts additional load on the CPU of the CPE device.
To run the tcpdump utility:
In the menu, go to the SD-WAN → CPE section.
A table of CPE devices is displayed.
Click the CPE device on which you want to run the tcpdump utility.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon. By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.
Select the Utilities → Tcpdump tab.
The tcpdump utility settings are displayed.
In the Capture network interface drop-down list, select the created network interface on which you want to capture traffic.
In the Direction drop-down list, select the direction of the traffic you want to capture:
In to capture incoming traffic.
Out to capture outgoing traffic.
In/out to capture both incoming and outgoing traffic. Default value.
If you want the CPE device to use the DNS server to resolve IP addresses to domain names when creating the report with the captured traffic, select the Resolve DNS names check box. You can specify a DNS server when creating or editing a network interface. IP addresses that cannot be resolved to domain names are also reflected in the report. This check box is cleared by default.
If you want to use a filter to capture traffic, in the Filter tcpdump field, enter the syntax of the filter. Maximum length of the filter: 1024 characters. For example, you can use the following filters:
icmp to capture only ICMP traffic packets.
host 1.2.3.4 and (port 80 or 443) to capture only traffic packets with IPv4 address 1.2.3.4 and source or destination TCP port 80 or 443.
tcp[13] & 2 != 0 to capture only TCP SYN traffic packets.
In the Maximum capture time (sec.) field, enter the time in seconds after which traffic capture stops. Range of values: 10 to 600. Default value: 30.
In the Maximum of captured packets field, enter the number of traffic packets that you want collected before traffic capture stops. Range of values: 1 to 10,000. Default value: 1000.
Traffic capturing stops when the time specified in the Maximum capture time (sec.) field passes, or when the number of traffic packets specified in the Maximum of captured packets field is captured.
Click Run.
The tcpdump utility is run on the CPE device, and a report with the captured traffic is generated.
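The following Python sketch is an added example, not part of the original page or of the product. It shows what the filter tcp[13] & 2 != 0 from the filter step actually tests: byte 13 of the TCP header holds the flag bits, so the expression matches every segment with SYN set, including SYN-ACK replies. The headers are constructed sample data, and the narrower expression tcp[13] & 18 == 2 (SYN set, ACK clear) is an assumed variant in standard pcap filter syntax for capturing only connection attempts.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def tcp_header(sport, dport, flags):
    """Build a 20-byte TCP header without options (constructed sample data)."""
    data_offset = 5 << 4  # header length of 5 32-bit words, stored in byte 12
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, 65535, 0, 0)


def matches_page_filter(tcp):
    """Same test as the page's filter: tcp[13] & 2 != 0."""
    return (tcp[13] & SYN) != 0


def matches_initial_syn(tcp):
    """Same test as tcp[13] & 18 == 2: SYN set, ACK clear (assumed variant)."""
    return (tcp[13] & (SYN | ACK)) == SYN


# Constructed segments of one connection: handshake, data, teardown, reset.
SAMPLES = {
    "SYN": tcp_header(50000, 443, SYN),
    "SYN-ACK": tcp_header(443, 50000, SYN | ACK),
    "ACK": tcp_header(50000, 443, ACK),
    "PSH-ACK": tcp_header(50000, 443, PSH | ACK),
    "FIN-ACK": tcp_header(50000, 443, FIN | ACK),
    "RST": tcp_header(443, 50000, RST),
}


def classify(samples=SAMPLES):
    """Return {name: (page_filter_match, initial_syn_match)} per segment."""
    return {name: (matches_page_filter(h), matches_initial_syn(h))
            for name, h in samples.items()}


if __name__ == "__main__":
    for name, (page, initial) in classify().items():
        print(f"{name:8} tcp[13]=0x{SAMPLES[name][13]:02x} "
              f"page_filter={page} initial_syn_only={initial}")
```

Because SYN-ACK replies also match the page's filter, they count toward the Maximum of captured packets limit.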