LINUX: How to Collect TCPDUMPS With Ping Tests Between Linux Hosts For Troubleshooting Network Issues (Troubleshooting & Debugging Doc)

When troubleshooting network issues between Linux hosts (ping failures, packet loss, routing problems), we often end up collecting tcpdumps on both ends to see where the packets actually go.

As a basic first step, a PING test (which uses the ICMP protocol) can be used to test communication between the source and destination hosts, while tcpdump captures on each host show whether the packets are being sent and received.

The steps below show how to run tcpdump on the source and the target to capture packet information during a PING test. The captures are restricted to the ICMP protocol, so they contain only the ping traffic and not the unrelated traffic on the source and target VMs.

1. Identify the interface name on both the source and destination VMs between which there is a communication issue (for example with "ip addr", or "ip route get <peer IP>", which prints the interface the kernel would use to reach that address). Make a note of the interface name on both VMs; it is passed as an argument to tcpdump when capturing the ICMP protocol (over which pings go).

2. Open two SSH sessions to each of the source and destination VMs: one for tcpdump and one for ping.

3. In one of the SSH sessions to the source VM, run the tcpdump command below.

tcpdump -n -i interfaceX icmp -w /tmp/`hostname`_tcpdumps__$(date +%F'-'%T).pcap

In the above command, interfaceX is the interface name of the source VM. The -n flag disables DNS lookups, and the "icmp" filter keeps only ICMP packets. The command saves the capture in /tmp with a file name made from the hostname, "_tcpdumps__" and the date/timestamp. tcpdump needs root (or the CAP_NET_RAW and CAP_NET_ADMIN capabilities) to open the interface, so run it with sudo if you are not root. Leave the tcpdump command running and do not press Ctrl-C yet.


For example, if the interface name on the source VM is eth0, the command looks like this:


tcpdump -n -i eth0 icmp -w /tmp/`hostname`_tcpdumps__$(date +%F'-'%T).pcap

4. In one of the SSH sessions to the destination VM, run the tcpdump command below.


tcpdump -n -i interfaceX icmp -w /tmp/`hostname`_tcpdumps__$(date +%F'-'%T).pcap

In the above command, interfaceX is the interface name of the destination VM. The command saves the capture in /tmp with a file name made from the hostname, "_tcpdumps__" and the date/timestamp. Leave the tcpdump command running and do not press Ctrl-C yet.

For example, if the interface name on the destination VM is eth1, the command looks like this:


tcpdump -n -i eth1 icmp -w /tmp/`hostname`_tcpdumps__$(date +%F'-'%T).pcap

5. From the other SSH session on the source VM, send 5 pings to the destination VM IP as follows.


ping -c 5 <destination VM IP>

6. From the other SSH session on the destination VM, send 5 pings to the source VM IP as follows.



ping -c 5 <source VM IP>

7. Go back to the SSH sessions on the source and destination VMs where tcpdump is running from steps 3 and 4 and press Ctrl-C to stop the captures. tcpdump flushes and closes the file when it gets Ctrl-C.

8. You can now read the captures with the command below (add -n here as well to skip reverse DNS lookups of the addresses).
tcpdump -r <tcpdump filename>

In the above command, replace <tcpdump filename> with the file names written in steps 3 and 4. Compare the two captures request by request (matching on the id and seq fields): a request that appears in the source capture but not in the destination capture was dropped on the forward path or by a filter in between; a request that reaches the destination but has no matching reply points at the destination host itself (for example a host firewall dropping ICMP echo, or the net.ipv4.icmp_echo_ignore_all sysctl); a reply that appears on the destination but not on the source was lost on the return path. Below is a snippet of a decoded capture file showing ICMP ping traffic.

16:53:03.814888 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 1, length 64
16:53:03.814943 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 35900, seq 1, length 64
16:53:04.804932 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 2, length 64
16:53:04.804949 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 35900, seq 2, length 64
16:53:05.804717 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 3, length 64
16:53:05.804750 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 35900, seq 3, length 64
16:53:06.804728 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 4, length 64
16:53:06.804766 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 35900, seq 4, length 64
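The procedure in steps 3 to 8 as one script, added here as an example (it is not code from the original article): it runs the ICMP capture while pinging the peer, decodes the pcap, and then pairs every echo request with its reply by id/seq so that unanswered requests are listed instead of having to be spotted by eye. The interface name, peer IP and script file name are assumptions supplied by the caller; tcpdump needs root to open the interface, and the sample capture text at the bottom is constructed in the format shown above (with the reply to seq 3 deliberately missing), not a real capture.

```shell
#!/bin/sh
# Added example (not from the original article): the capture/ping/decode
# steps above as one script, plus a check that pairs every ICMP echo request
# with its reply by id/seq.  Assumed: the caller supplies the interface and
# peer IP; tcpdump needs root (or CAP_NET_RAW) to open the interface.
set -u

# Capture file in the article's naming style: /tmp/<host>_tcpdumps__<date>.pcap
capture_path() {
    printf '/tmp/%s_tcpdumps__%s.pcap\n' "$(hostname 2>/dev/null || uname -n)" "$(date +%F-%T)"
}

# Steps 3-8 for one direction: capture ICMP to/from the peer on $iface while
# pinging it, then decode the pcap and feed it to check_replies.
# Usage (as root): run_ping_test eth0 192.168.0.2
run_ping_test() {
    iface=$1; peer=$2
    out=$(capture_path)
    # -n: no DNS lookups; 'icmp and host <peer>' keeps only this test's pings,
    # not every ICMP packet the box sees.
    tcpdump -n -i "$iface" "icmp and host $peer" -w "$out" 2>/dev/null &
    pid=$!
    sleep 1                         # let tcpdump attach before the first probe
    ping -c 5 "$peer" || true       # the capture, not ping's exit code, is the verdict
    kill -INT "$pid"                # same as Ctrl-C in the article; tcpdump flushes the file
    wait "$pid" 2>/dev/null || true
    echo "capture written to $out"
    tcpdump -n -r "$out" 2>/dev/null | check_replies
}

# Read decoded IPv4 ICMP lines (tcpdump -n -r <file>) on stdin, pair requests
# with replies by "id N, seq M", list unanswered requests and print a summary.
# Exit status: 0 when every request got a reply, 1 otherwise.
check_replies() {
    awk '
        $6 == "ICMP" && $7 == "echo" {
            id = $10; seq = $12; sub(/,/, "", id); sub(/,/, "", seq)
            key = id "/" seq
            if ($8 == "request,")    { nreq++; req[key] = $3 }
            else if ($8 == "reply,") { nrep++; rep[key] = 1 }
        }
        END {
            lost = 0
            for (k in req) if (!(k in rep)) {
                lost++
                printf "no reply for id/seq %s (request from %s)\n", k, req[k]
            }
            printf "requests=%d replies=%d unanswered=%d\n", nreq, nrep, lost
            exit (lost > 0)
        }'
}

# Constructed sample in the format the article shows (not a real capture):
# three requests, the reply to seq 3 is missing.
sample_decoded_capture() {
    cat <<'EOF'
16:53:03.814888 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 1, length 64
16:53:03.814943 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 35900, seq 1, length 64
16:53:04.804932 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 2, length 64
16:53:04.804949 IP 192.168.0.2 > 192.168.0.1: ICMP echo reply, id 35900, seq 2, length 64
16:53:05.804717 IP 192.168.0.1 > 192.168.0.2: ICMP echo request, id 35900, seq 3, length 64
EOF
}

case "${1:-}" in
    run)   run_ping_test "$2" "$3" ;;             # sudo sh icmp_check.sh run eth0 192.168.0.2
    check) check_replies < "$2" ;;                 # sh icmp_check.sh check decoded.txt
    demo)  sample_decoded_capture | check_replies ;;
esac
```

Run "sh icmp_check.sh demo" to see the check flag the missing reply for seq 3 and exit non-zero; "check" works on the saved output of "tcpdump -n -r <file>" from either VM, so the same pairing can be applied to the source and destination captures and the results compared as described in step 8. The "host <peer>" part of the filter is a deliberate tightening of the article's plain "icmp" filter so that unrelated ICMP traffic (other hosts' pings, unreachable messages) does not end up in the pcap.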

Products to which Article Applies


All Linux Operating Systems.


Additional References

http://www.cs.unh.edu/cnrg/people/lin/help/tcpdumpCookbook.htm



tarun boyella

