Diagnostics of network connections on a virtual EDGE router (Part 2)

In this article, we will look at capturing network packets on EDGE for further analysis in Wireshark, which can be useful in diagnosing a wide range of problems. After gaining access to the control panel of the virtual router, as described in Part 1, choose the network interface on which to capture packets: show interface

In the example described below, we will analyze traffic on the vNic_0 interface. There are two options for capturing traffic:

- to the screen;
- to a file.

I. Traffic capture and viewing in the terminal.

Run debug packet display interface vNic_0 to print a report of the traffic to the console.

To stop the capture, press CTRL + C. If you enable logging of the session output to a file in the SSH client settings, this data is also saved in that file.

To filter traffic exchanged with a specific host, for example 90.107.69.171:

debug packet display interface vNic_0 90.107.69.171

To filter traffic by host 90.107.69.171 and port 22, use:

debug packet display interface vNic_0 port_22_and_host_90.107.69.171

You can exclude from the output the connections used to reach EDGE via SSH by adding not to the rules, here excluding our host 90.107.69.171:

debug packet display interface vNic_0 not_port_22_and_not_host_90.107.69.171

To capture on multiple ports, UDP/500 (ISAKMP) or UDP/4500 (IPsec), with remote host IP 192.168.255.2, write:

debug packet display interface vNic_0 host_192.168.255.2_and_udp_port_500_or_udp_port_4500

Other examples of possible filtering:

debug packet display interface any host_11.22.33.44_and_tcp_port_80

debug packet display interface vNic_0 udp

debug packet display interface vNic_0 icmp

debug packet display interface vNic_0 host_10.10.10.10

debug packet display interface vNic_0 tcp_src_port_53

debug packet display interface any host_10.10.10.10_or_host_11.22.33.44

II. Capturing traffic with saving to file

To write all captured traffic to a file, run debug packet capture interface vNic_0

You can continue to work in the console. When you decide to stop collecting traffic, enter no debug packet capture interface vNic_0. To see the file created with this data, run debug show files.

 

After saving the file, copy it from EDGE to a remote server, where you can continue to work with it and analyze it. The supported protocols are FTP and SCP. To copy the file to the root of the FTP server 192.168.2.2 located in the VDC, run debug copy ftp FTP_USER_NAME@FTP_SERVER:/ tcpdump_vNic_0.0, then enter the password.

 

Copying via SCP works the same way. Once the file has been copied, do not keep it on EDGE; delete it with debug remove tcpdump_vNic_0.0

 

With Wireshark installed on the server, open the file in the usual way.
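For a quick check of the copied file before opening it in Wireshark, for instance to confirm that the filter caught the expected hosts and ports, the capture can be summarized with a short script. This is an added example, not part of the original article: it assumes the file is in classic pcap format with Ethernet framing and IPv4 traffic, the function names are this example's own, and the sample packets (including the local address 192.168.255.1) are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize_pcap(data: bytes) -> Counter:
    """Count packets per (proto, src, sport, dst, dport) in a classic pcap blob."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng or truncated?)")
    (linktype,) = struct.unpack(order + "I", data[20:24])
    if linktype != 1:
        raise ValueError(f"link type {linktype} is not Ethernet (1)")
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(order + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip short frames and non-IPv4 (ARP, IPv6, VLAN-tagged)
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # honour the IP header length
        sport = dport = 0
        if frame[23] in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        flows[(PROTO.get(frame[23], str(frame[23])),
               str(IPv4Address(frame[26:30])), sport,
               str(IPv4Address(frame[30:34])), dport)] += 1
    return flows

def _udp_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/UDP frame with an empty payload."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_capture() -> bytes:
    """Constructed stand-in for tcpdump_vNic_0.0: two IKE packets, one NAT-T."""
    peer, local = "192.168.255.2", "192.168.255.1"  # local address is made up
    pkts = [_udp_frame(peer, local, 500, 500)] * 2 + [_udp_frame(peer, local, 4500, 4500)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in pkts)

if __name__ == "__main__":
    # For a real file: summarize_pcap(open("tcpdump_vNic_0.0", "rb").read())
    for flow, count in summarize_pcap(sample_capture()).most_common():
        print(count, *flow)
```

Flows that appear in the summary but were not meant to match the capture filter are a sign that the filter expression should be tightened before the next capture.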
