Isilon TCPdump Packet Capture
Posted: Wed Mar 22, 2023 11:27 am
#Logon on to the isilon via SSH using putty:
#Change the directory -
cd /ifs/data/Isilon_Support/
mkdir SR<#>
#Run the following command to dump TCP (Packet Capture), ensure the SR <#> below matches the above created directory.
isi_for_array 'for i in `ifconfig | grep -B2 ether | grep flags | cut -d: -f1`; do tcpdump -i ${i} -s512 -w /ifs/data/Isilon_Support/SR<#>/`hostname`.${i}_$(date +%m%d%Y_%H%M%S).pcap &; done'
#packet captures will appear in the /ifs/data/Isilon_Support/SR<#> directory, these can be uploaded to EMC or whatever vendor is requesting them.
#to automatically upload it to emc, run the below command
isi_gather_info --nologs --local -f /ifs/data/Isilon_Support/<SR#>
IMPORTANT: verify on each node in the cluster that tcpdump is not running
ps -ef | grep tcpdump
if tcpdump is running on any node, kill that process.
if process is running then "isi_for_array killall tcpdump"
#Change the directory -
cd /ifs/data/Isilon_Support/
mkdir SR<#>
#Run the following command to dump TCP (Packet Capture), ensure the SR <#> below matches the above created directory.
isi_for_array 'for i in `ifconfig | grep -B2 ether | grep flags | cut -d: -f1`; do tcpdump -i ${i} -s512 -w /ifs/data/Isilon_Support/SR<#>/`hostname`.${i}_$(date +%m%d%Y_%H%M%S).pcap &; done'
#packet captures will appear in the /ifs/data/Isilon_Support/SR<#> directory, these can be uploaded to EMC or whatever vendor is requesting them.
#to automatically upload it to emc, run the below command
isi_gather_info --nologs --local -f /ifs/data/Isilon_Support/<SR#>
IMPORTANT: verify on each node in the cluster that tcpdump is not running
ps -ef | grep tcpdump
if tcpdump is running on any node, kill that process.
if process is running then "isi_for_array killall tcpdump"