Collecting network packets

Network Administration Guide for Hitachi NAS Platform

Version
15.1.x
Audience
anonymous
Part Number
MK-92HNAS008-33

It is possible to perform a complete capture of network packets on a NAS server using the packet-capture command. This is useful when the server is experiencing protocol errors.

Once started, this command collects all header and content packets from the NAS server and stores them in a file in NAS memory. This file is named tmp and it can grow to a maximum size of 32MB or 15000 frames (whichever is reached first).

To retrieve this file, use the nail command to email it to a user. Alternatively, use the ssget command to send it to the NAS Manager for later collection. The ssget command works from an ssc connection and, therefore, is usable locally or on a server connected to an external SMU.

The file format is .pcap. To analyze the contents the following filter applications are supported:

  • tcpdump
  • tshark
  • wireshark

The packet-capture command also supports aggregations as shown in the example below:

packet-capture --start ag1
CAUTION:
Server performance is severely degraded during packet capture. It is recommended to use port mirroring on the upstream switch instead of using the packet capture command on the NAS server.