To perform a TCP dump via the console, follow the steps below:

  1. Log in to the console.

  2. Select Utilities.

  3. Select Diagnostics.

  4. Select Diagnostic Shell.
  5. Enter the relevant commands at the % prompt, for example:

    tcpdump –s 1500 –c 10000 –i eth0 –w eth0.pcap FILTER0 &

    Note: If performing a TCP dump on a two-armed device, ensure to enter the ampersand (&) at the end of the command and also use the command below.

    tcpdump –s 1500 –c 10000 –i eth1 –w eth1.pcap FILTER1

  6. Please select the appropriate filter for FILTER0 and FILTER1:
    1. Host 1.2.3.4
    2. Port 1234
    3. Host 1.2.3.4 and port 1234
  7. For example, a complete TCP dump command might look like this:

    tcpdump –s 1500 –c 10000 –i eth0 –w eth0.pcap host 1.2.3.4 and port 80

  8. This will capture all traffic to or from IP 1.2.3.4 with a source or destination port of 80.
    Note: As the example command above is set to quit after 10,000 packets, the capture may need to be restarted if the situation in question does not occur within the first 10,000 packets captured, i.e. in the case of heavy load.
  9. Make access from the client to the Virtual Server to produce the error.
  10. Return to the diagnostic shell.
  11. Stop the packet capture by holding Ctrl on the keyboard and pressing C.
  12. If running a TCP dump on a two-armed setup, enter the command fg. The second trace will appear. Stop the second packet capture by holding Ctrl on the keyboard and pressing C.
  13. Connect to the FTP server and send the file by entering the command:

    ftp <FTP IP address>

  14. Enter credentials (this depends on the FTP server).
  15. Then, enter the following commands:

    binary

    put eth0.pcap

    put eth1.pcap (if running a packet trace on a two-armed configuration)

    bye

  16. It is now possible to retrieve the packet capture files from the FTP server and analyse them in the application of choice, for example Wireshark.
  17. Use the exit command to exit the Diagnostic Shell.

If instructed by a Progress Kemp Support Engineer, you can send them the packet trace file for analysis. Before sending the packet capture, please open it using a relevant tool, for example Wireshark, to ensure both the quality of the data and the integrity of the file.

Note: Please keep in mind any security implications of sending the packet capture.

Error during FTP Transfer

If an error occurs which notifies of a damaged or corrupt file, it is likely that the file was not transferred in binary mode. Repeat Step 13 in the Perform a TCP Dump via the Console section and ensure to issue the binary command before transferring.