How to capture packets from Enterprise Nodes


Purpose

The purpose of capturing packets is to get a better understanding of what is happening between the node and the host you are attempting to reach. Capturing the packets allows users to see, at a granular level, what is happening on the connection.

Methods of collecting

There are two ways of capturing packets with Catchpoint Enterprise Nodes:

Catchpoint Utility

1. Use the Catchpoint utility to start collecting packets:
   catchpoint packet-capture
2. After it has run for the desired amount of time, press CTRL+C to stop.
   Note: the utility identifies the interface the node is connected to and runs tcpdump on that interface. However, sometimes your node might use a different interface to communicate, in which case the second method (Linux Native Tool, below) is the best way to capture packets.

Linux Native Tool

1. If you know which interface is used by your node, you can use the below command to capture packets and store them in a local file:
   tcpdump -i <nameOfInterface> -w <someFileName>.pcap
2. If you do not know which interface is used, run this command:
   tcpdump -i any -w <someFileName>.pcap
3. If you would like to capture extra details, you can use the -v switch to add extra verbosity (or -vv for slightly more, or -vvv for the highest verbosity):
   tcpdump -i any -v -w <someFileName>.pcap
4. If you would like to capture the entire packet, use the -s0 switch. (Sometimes you may not want to capture whole packets, as the needed information might be in the packet header, and capturing whole packets would produce a very large file.) Alternatively, you can use -s <integer> to capture the specified number of bytes starting from the beginning of each packet. Replace <integer> with the desired number of bytes; for example, the switch -s 96 would capture the first 96 bytes of each packet.
   tcpdump -vvv -s0 -i any -w <someFileName>.pcap

Note: there are many other switches available as well, which can be found here: https://www.tcpdump.org/tcpdump_man.html
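The following POSIX shell helper is an added example, not part of the Catchpoint utility or this page's original commands. It addresses the two caveats above: it asks the kernel which interface will actually carry traffic to the host you are troubleshooting (falling back to "any" when the lookup is unavailable), validates the snaplen, and composes a tcpdump command that captures only traffic to or from that host into a size-limited ring of files so a long capture cannot fill the disk. The destination address 203.0.113.10 and the output path /tmp/node.pcap used in the usage lines are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Catchpoint's own tooling): build a tcpdump command for
# capturing traffic between this node and one destination host.

# Resolve the outgoing interface for a destination address via "ip route get".
# Falls back to "any" when iproute2 is missing or the route lookup fails.
route_iface() {
  dest="$1"
  iface=$(ip route get "$dest" 2>/dev/null | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1)
  if [ -n "$iface" ]; then
    printf '%s\n' "$iface"
  else
    printf 'any\n'
  fi
}

# A valid snaplen is 0 (whole packet) or a positive integer number of bytes.
valid_snaplen() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Compose the capture command. Arguments: interface, destination host,
# snaplen, output file name. -n avoids DNS lookups during capture; the
# "host <dest>" filter keeps only traffic to or from the target; -C/-W
# rotate through 10 files of 100 MB each instead of one unbounded file.
build_capture_cmd() {
  iface="$1"; dest="$2"; snaplen="$3"; outfile="$4"
  if ! valid_snaplen "$snaplen"; then
    echo "invalid snaplen: $snaplen" >&2
    return 1
  fi
  printf 'tcpdump -n -i %s -s %s -C 100 -W 10 -w %s host %s\n' \
    "$iface" "$snaplen" "$outfile" "$dest"
}

# Usage (constructed placeholder values): print the command for review, then
# run it under sudo when the capture is actually wanted.
#   IFACE=$(route_iface 203.0.113.10)
#   build_capture_cmd "$IFACE" 203.0.113.10 0 /tmp/node.pcap
#   sudo sh -c "$(build_capture_cmd "$IFACE" 203.0.113.10 0 /tmp/node.pcap)"
```

Printing the command before running it lets you confirm the interface the kernel chose matches the one the node really uses; if it does not, pass the interface name explicitly in place of the route_iface result.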