Isilon TCPdump Packet Capture

Post Reply
chris
Site Admin
Posts: 36
Joined: Mon Dec 09, 2019 6:55 pm

Isilon TCPdump Packet Capture

Post by chris »

#Logon on to the isilon via SSH using putty:

#Change the directory -

cd /ifs/data/Isilon_Support/

mkdir SR<#>

#Run the following command to dump TCP (Packet Capture), ensure the SR <#> below matches the above created directory.

isi_for_array 'for i in `ifconfig | grep -B2 ether | grep flags | cut -d: -f1`; do tcpdump -i ${i} -s512 -w /ifs/data/Isilon_Support/SR<#>/`hostname`.${i}_$(date +%m%d%Y_%H%M%S).pcap &; done'


#packet captures will appear in the /ifs/data/Isilon_Support/SR<#> directory, these can be uploaded to EMC or whatever vendor is requesting them.

#to automatically upload it to emc, run the below command

isi_gather_info --nologs --local -f /ifs/data/Isilon_Support/<SR#>


IMPORTANT: verify on each node in the cluster that tcpdump is not running

ps -ef | grep tcpdump

if tcpdump is running on any node, kill that process.

if process is running then "isi_for_array killall tcpdump"
Post Reply