TCP dump is an open source packet capture and analyzer tool that’s been around since the late 1980s. TCP dump is useful because it allows pretty powerful packet capture sessions from the command line. Even better, you can use it from either bash or CLI. Let’s take a look. First I’ll show you how it works from within bash, and then I’ll show you what it’s like from within EOS.
TCP dump will only capture packets destined to or sourced from the CPU. It will not capture data plane traffic because the CPU couldn’t possibly keep up with it all. There are ways to combine tcpdump with sFlow to capture some data plane traffic, but you’ll have to wait for the second edition to see that.
If you’ve got Unix experience and already know how to use TCP dump, you might feel more at home using it from bash. To do so, just drop into bash and have at it:
bash
Arista Networks EOS shell
[admin@Arista ~]$ tcpdump -help
tcpdump version 4.2.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefhHIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
        [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
        [ -i interface ] [ -M secret ] [ -r file ] [ -s snaplen ]
        [ -T type ] [ -w file ] [ -W filecount ] [ -y datalinktype ]
        [ -z command ] [ -Z user ] [ -@ file_index ] [ expression ]
In early editions of EOS, tcpdump needed to be run from root. Arista has since modified it to automatically run
In its simplest form, TCP dump will display packet ...