How to perform a packet trace
Details the steps to perform a packet trace of ExtremeZ-IP for diagnostic purposes.
ExtremeZ-IP has detailed debug logging facilities built in which can be used to diagnose customer problems in the field. However, in certain circumstances, it can be useful to perform a packet trace of data sent between an ExtremeZ-IP server and a Mac client in order to provide Group Logic Technical Support with additional information. This document describes how to perform this trace using free Macintosh and Windows tools.
1. Install Ethereal
The latest version of the Ethereal application can be found directly at: Windows Ethereal. Make sure to install the required WinPcap as well.
For more information, please refer to: http://www.ethereal.com/
Both installers should be self-explanatory – just choose all the default settings.
2. Set up a packet trace
– Launch Ethereal
– Go to Capture | Start
– Under “Capture file(s)”, enter a path and filename, e.g. “C:\packet.log”
– Select “Use ring buffer”, number of files = 2
– Rotate capture file every 5000 kilobytes. [NOTE: This option is toward the lower portion of the window and only appears after “Use ring buffer” has been selected. Do not enable the similar-sounding option of “Rotate capture file every x seconds”.]
– Hit OK to begin packet trace
Note: if you have multiple network cards on the Windows server, you may need to select the appropriate card from the “Interface” pull-down.
Ethereal will now log all packets. It will write these packets to disk, writing continuously to two files, each a maximum of 5MB in size. Group Logic Technical Support is usually interested in the last few packets that get sent to the Macintosh client. Therefore, in the interest of saving hard drive space, we instruct Ethereal to continuously write over older packets to keep the file sizes relatively small. (If we don’t do this, then all packets get written to disk. If the problem does not occur until we’ve transferred hundreds of megabytes of data, the packet log will be hundreds or thousands of megabytes in size.) In certain circumstances, it may be more effective to log all packets. In that case, do not select the “Use ring buffer” checkbox mentioned above.
3. Perform the action that causes the problematic ExtremeZ-IP behavior.
4. Stop the capture.
After the behavior has occurred, stop the capture, exit Ethereal and send Group Logic Technical Support the resulting packet logs (there should be two of them with names like “packet_00002_20030903092141.log”).
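Before sending the logs, it helps to confirm that both ring-buffer files are present and which one holds the most recent packets. The following is an added example, not code from Group Logic or Ethereal; it assumes the file naming shown in the example above (base name, five-digit sequence number, start timestamp), and the function names and sample listing are hypothetical.

```python
import re
from datetime import datetime

# Ring-buffer naming as seen in the article's example file name:
#   <base>_<5-digit sequence>_<YYYYMMDDhhmmss><extension>
RING_NAME = re.compile(r"^(?P<base>.+)_(?P<seq>\d{5})_(?P<ts>\d{14})(?P<ext>\.[^.]+)?$")


def parse_ring_name(name):
    """Return the parsed fields of one ring-buffer file name, or None."""
    m = RING_NAME.match(name)
    if not m:
        return None
    try:
        started = datetime.strptime(m["ts"], "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that are not a real date/time
        return None
    return {"name": name, "base": m["base"], "seq": int(m["seq"]), "started": started}


def summarize_ring(names, base="packet", expected_files=2):
    """Order the capture files oldest-first and list anything that looks wrong."""
    parsed = [p for p in map(parse_ring_name, names) if p and p["base"] == base]
    parsed.sort(key=lambda p: p["seq"])
    problems = []
    if len(parsed) != expected_files:
        problems.append(f"expected {expected_files} files, found {len(parsed)}")
    for older, newer in zip(parsed, parsed[1:]):
        if newer["seq"] != older["seq"] + 1:
            problems.append(f"sequence gap between {older['name']} and {newer['name']}")
        if newer["started"] < older["started"]:
            problems.append(f"{newer['name']} started before {older['name']}")
    return {
        "oldest_first": [p["name"] for p in parsed],
        "newest": parsed[-1]["name"] if parsed else None,
        "problems": problems,
    }


# Constructed sample directory listing (not from a real capture).
SAMPLE = ["packet_00008_20030903093502.log", "readme.txt", "packet_00007_20030903092141.log"]

if __name__ == "__main__":
    report = summarize_ring(SAMPLE)
    print("send in this order:", report["oldest_first"])
    print("last packets are in:", report["newest"])
    print("problems:", report["problems"] or "none")
```

Pass the file names from the capture directory (for example from `os.listdir`) in place of `SAMPLE`, and set `base` to the filename entered under “Capture file(s)” without its extension.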
Option 1: Use the built-in UNIX command tcpdump as described in the Apple knowledge base
Option 2: Download the GUI driven utility and run on the Macintosh client. Use link at bottom of webpage to download. (Mac OS X 10.3 and higher)
PDF/PPT Description: EZtcpdump