Viewing TCP dump files
You can view TCP dump files under Diagnostics > SCC Dumps: TCP Dumps.
These configuration options are available:
Add a New TCP Dump
Displays the controls for creating a TCP trace dump.
Capture Name
Specifies the name of the capture file. Use a unique filename to prevent overwriting an existing TCP dump. The default filename uses this format:
<hostname>_<interface>_<time-stamp>.cap
Where <hostname> is the hostname of the SCC, <interface> is the name of the interface selected for the trace (for example, lan0_0, wan0_0), and <time-stamp> is in the yyyy/mm/dd hh:mm:ss format.
If this trace dump relates to an open Riverbed Support case, specify the capture filename case_<number> where <number> is your Riverbed Support case number: for example, case_12345.
The .cap file extension isn’t included with the filename when it appears in the capture queue.
Capture Traffic Between
• IPs—Specify the source IP addresses. Separate multiple IP addresses with a comma to include all addresses bidirectionally. The default setting is all IP addresses.
• Ports—Specify the source ports. Separate multiple ports with a comma. The default setting is all ports.
and:
• IPs—Specify the destination IP addresses. Separate multiple IP addresses with a comma to include all addresses bidirectionally. The default setting is all IP addresses.
• Ports—Specify the destination ports. Separate multiple ports with a comma. The default setting is all ports.
Capture Interfaces
Captures the TCP trace dump on the selected interface(s). You can select all interfaces or a base, in-path, or RSP interface. The default setting is none. You must specify a capture interface. If you select several interfaces at a time, the data is automatically placed into separate capture files.
Capture Parameters
Specifies the parameters:
• Capture Untagged Traffic Only—Captures only traffic without a VLAN tag. Enabling this setting filters the trace dump by capturing all untagged packets.
• Capture VLAN-Tagged Traffic Only—Captures only VLAN-tagged packets within a trace dump for a trunk port (802.1Q). Enabling this setting filters the trace dump by capturing only VLAN-tagged packets. This setting applies to physical interfaces only because logical interfaces (inpath0_0, mgmt0_0) don’t recognize VLAN headers.
• Capture both VLAN and Untagged Traffic—Captures VLAN-tagged and untagged packets within a trace dump.
• Capture Duration—Specify how long the capture runs, in seconds. The default value is 30. Specify 0 or continuous to initiate a continuous trace. When a continuous trace reaches the maximum space allocation of 100 MB, the oldest file is overwritten.
• Maximum Capture Size (MB)—Specify the maximum capture file size, in megabytes. The default value is 100. We recommend a maximum capture file size of 1024 MB (1 GB).
• Buffer Size—Optionally, specify the maximum amount of data, in kilobytes, allowed to queue up while awaiting processing by the TCP trace dump. The default value is 154 KB.
• Snap Length—Optionally, select the snap length value for the capture file or specify a custom value. The snap length equals the number of bytes the report captures for each packet. Having a snap length smaller than the maximum packet size on the network enables you to store more packets, but you might not be able to inspect the full packet content. The default value is 1518 bytes.
Select 65535 for a full packet capture (recommended for CIFS, MAPI, and SSL captures). When using jumbo frames, we recommend selecting 9018. The default custom value is 16383 bytes.
• Number of Files to Rotate—Specify how many TCP trace dump files to rotate. The default value is 5.
• Custom Flags—Specify custom flags to capture unidirectional traces. Examples:
To capture all traffic to or from a single host:
host x.x.x.x
To capture all traffic between a pair of hosts:
host x.x.x.x and host y.y.y.y
To capture traffic between two hosts and two SteelHead inner channels:
(host x.x.x.x and host y.y.y.y) or (host a.a.a.a and host b.b.b.b)
Schedule Dump
Schedules the trace dump to run at a later date and time.
• Start Date—Specify a date to initiate the trace dump in this format: yyyy/mm/dd
• Start Time—Specify a time to initiate the trace dump in this format: hh:mm:ss
Add
Adds the TCP trace dump to the capture queue.
To remove an entry, select the check box next to the name and click Remove Selected.