Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

tcpdump

tcpdump—Print a description of the contents of control plane packets on a network interface that match a boolean expression. This command is the same as the UNIX tcpdump command.

Command Syntax

tcpdump [help] [interface interface-name] [options "unix-options"] [vpn vpn-id]

Options

Interface to Watch
interface interface-name
Name of the interface on which to perform a TCP dump.
Options
options "unix-options"
One or more of the UNIX tcpdump command options, from among the following:
[ –AbdDefhHIJKlLnNOpqStuUv] [ –B size] [–c count ] [ –E algorithm:secret ] [ –j timestamp-type ] [ –M secret ] [ –T type] [–y data-link-type] [expression]
You must enclose unix-options in quotation marks.
For an explanation of the options, see http://www.tcpdump.org/tcpdump_man.html.
VPN to Watch
vpn vpn-id
VPN identifier in which the interface is located.

For an explanation of the remaining standard UNIX options, see http://www.tcpdump.org/tcpdump_man.html.

Example Output

Viptela# tcpdump vpn 1
tcpdump  in vpn 1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge0_0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:29:49.765224 IP 10.2.2.11 > 224.0.0.5: OSPFv2, Hello, length 48
19:29:49.768263 IP 10.2.2.12 > 224.0.0.5: OSPFv2, Hello, length 48
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Viptela# tcpdump vpn 512 interface eth0 options "-v -n tcp port 22"
tcpdump -i eth0 -s 128 -v -n tcp port 22 in VPN 512
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 128 bytes
14:42:45.077442 IP (tos 0x10, ttl 64, id 50767, offset 0, flags [DF], proto TCP (6), length 184)
    10.0.1.33.22 > 10.0.1.1.53312: Flags [P.], seq 3975104349:3975104481, ack 1536172049, win 218, options [nop,nop,TS val 82477842 ecr 561859671], length 132
14:42:45.077571 IP (tos 0x10, ttl 64, id 8995, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.1.1.53312 > 10.0.1.33.22: Flags [.], cksum 0x1648 (incorrect -> 0xe882), ack 132, win 372, options [nop,nop,TS val 561859682 ecr 82477842], length 0
14:42:45.121925 IP (tos 0x10, ttl 64, id 50768, offset 0, flags [DF], proto TCP (6), length 632)
...

Release Information

Command introduced in Viptela Software Release 14.1.
In Release 16.3, update the command options.

Additional Information

tcpdump man page

  • Was this article helpful?