tcpdump wireshark example

Aruba Employee

Below are some examples of tcpdump commands for capturing packets that can be opened with Wireshark or Ethereal:

To get all traffic between the AMP and any one host:

# tcpdump -s0 -w <FILEPATH> host <IP_ADDRESS> 

For all traffic on a specific port:

# tcpdump -s0 -w <FILEPATH> port <PORT_NUMBER>

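For a specific port AND a specific remote device (join the two conditions with the filter keyword `and`; an unquoted `&&` is interpreted by the shell as a command separator and never reaches tcpdump):

# tcpdump -s0 -w <FILEPATH> host <IP_ADDRESS> and port <PORT_NUMBER>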

As a specific example, if I wanted to capture all the SNMP traffic on port 161 between my AMP and a controller at 10.51.3.234, and I wanted that traffic in a Wireshark-readable file at /tmp/controller_snmp.dmp, I would do this:

# tcpdump -s0 -w /tmp/controller_snmp.dmp host 10.51.3.234 and port 161
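
An added example (not part of the original article): a small POSIX shell wrapper for the host-and-port capture that validates the address and port, then hands the filter to tcpdump as a single quoted argument so the shell cannot split or reinterpret it. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port PORT: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_filter HOST [PORT]: print the capture filter, or fail on bad input.
build_filter() {
    valid_ipv4 "$1" || { echo "invalid host: $1" >&2; return 1; }
    if [ -n "${2:-}" ]; then
        valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
        printf 'host %s and port %s\n' "$1" "$2"
    else
        printf 'host %s\n' "$1"
    fi
}

# capture FILE HOST [PORT]: full-size packets (-s0) written to FILE (-w).
# The filter is one quoted argument, so the shell never sees "&&" or spaces.
capture() {
    filter=$(build_filter "$2" "${3:-}") || return 1
    tcpdump -s0 -w "$1" "$filter"
}

# Usage (run as root on the AMP):
#   capture /tmp/controller_snmp.dmp 10.51.3.234 161
```
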

For more detailed information, consult the man page for tcpdump:

# man tcpdump

A copy of Wireshark can be downloaded from:
http://www.wireshark.org/download.html

Version history: Revision 1 of 1. Last update: 06-10-2014 03:05 PM