Chapter 24. TCP Dump

tcpdump is an open source packet capture and analysis tool that has been around since the late 1980s. Despite the name, it captures any packet type, not just TCP. It is useful because it allows pretty powerful packet capture sessions from the command line, and on an Arista switch you can use it from either the bash shell or the EOS CLI. Let's take a look. First I'll show you how it works from within bash, and then I'll show you what it's like from within EOS.

Note

On an Arista switch, tcpdump only captures packets destined to or sourced from the switch's CPU: control-plane traffic such as routing protocol packets, management sessions, and packets punted to the CPU for other reasons. It does not capture data-plane traffic forwarded in hardware, because the CPU couldn't possibly keep up with it all, so transit traffic has to be captured by other means (a monitor session to an external capture host, for example). There are ways to combine tcpdump with sFlow to sample some data-plane traffic, but you'll have to wait for the second edition to see that.

Unix

If you've got Unix experience and already know how to use tcpdump, you might feel more at home using it from bash. To do so, just drop into bash and have at it:

Arista#bash

Arista Networks EOS shell

[admin@Arista ~]$ tcpdump -help
tcpdump version 4.2.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefhHIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ]
                [ -G seconds ]
                [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -z command ]
                [ -Z user ] [ -@ file_index ] [ expression ]

Note

In early versions of EOS, tcpdump needed to be run as root. Arista has since modified it so that entering tcpdump at the bash prompt automatically runs sudo tcpdump.
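Since tcpdump runs as root on the switch, it is worth settling on a capture command line that limits what a long-running capture can do. The following is an added example, not code from the book or from Arista: a small shell function that assembles a conservative capture command from the flags listed in the usage output above (-i, -nn, -s, -w, -C, -W, -Z, -c). The interface names (et1, ma1), the BGP and SSH filters, the output paths, and the unprivileged user nobody are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the book): assemble a conservative control-plane
# capture command for tcpdump as run from the EOS bash shell.
# Interface names, filters, output paths and the user "nobody" are
# assumptions for illustration.

# build_capture_cmd IFACE BPF_FILTER OUTFILE [COUNT]
# Prints the tcpdump command line without running it. Flags chosen:
#   -i    capture on the named interface (on an Arista switch only packets
#         to or from the CPU will be seen, whatever the interface)
#   -nn   no host or port name resolution: tcpdump would otherwise generate
#         its own DNS lookups, which show up as extra control-plane traffic
#   -s 0  full snaplen, so saved packets are not truncated
#   -w    write raw packets to a pcap file for offline analysis
#   -C/-W rotate at 10 MB and keep 5 files, so a forgotten capture cannot
#         fill the flash filesystem
#   -Z    drop root privileges to the given user once the interface is open
#   -c    stop after COUNT packets when a count is given
build_capture_cmd() {
    iface=$1
    filter=$2
    outfile=$3
    count=${4:-}
    cmd="tcpdump -i $iface -nn -s 0 -w $outfile -C 10 -W 5 -Z nobody"
    if [ -n "$count" ]; then
        cmd="$cmd -c $count"
    fi
    # The BPF expression is passed as a single quoted argument.
    printf '%s %s\n' "$cmd" "'$filter'"
}

# run_capture IFACE BPF_FILTER OUTFILE [COUNT]
# Executes the assembled command if tcpdump is installed, otherwise just
# prints what would run (useful for review before starting a capture).
run_capture() {
    cmd=$(build_capture_cmd "$@")
    if command -v tcpdump >/dev/null 2>&1; then
        echo "Running: $cmd"
        eval "$cmd"
    else
        echo "tcpdump not found; would run: $cmd"
    fi
}

# Example: capture the first 100 BGP packets to a rotating pcap set.
# run_capture et1 'tcp port 179' /mnt/flash/bgp.pcap 100
```

One caveat with -Z: tcpdump drops privileges before it opens the output file, so the directory named in -w must be writable by the unprivileged user or the capture will fail to start. Use -r on the resulting file to read it back with tcpdump, or copy it off the switch for Wireshark.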

In its simplest form, tcpdump will display packet ...
