Sunday, March 13, 2011

Tcpdump Packet Debugging in Arista EOS

Debugging in Arista's EOS is a cinch using the included tried and true protocol analyzer, tcpdump. Heck if you really wanted to you could load a wireshark extension on the underlying standard linux kernel. So far I have found that analyzing basic packet flows is easy enough using tcpdump and if you want to save a pcap file for export and analysis using your favorite tool, that's an option as well. 


$bash sudo tcpdump -i vlan18 -t

$bash sudo tcpdump -i vlan16 -v -vv








Some Handy Flags
-c  number of packets
-D  prints the list of network interfaces available on the system and on which tcpdump can capture packets
-E  decrypt IPsec ESP packets
-i  specify which interface to capture on
-q  quick output, print less protocol info so output line is shorter  
-r  read packets from a saved file (when you have used -w to create a capture file)
-t  no timestamp
-ttt  print delta (micro-second resolution) between current and previous line on each dump file
-ttttt  print delta (micro-second resolution) between current and first line on each dump file  
-v  produce slightly more, verbose output 
-vv  even more verbose
-vvv  even more verbose
-w  write to a file for later analysis
-X  print data of each packet


For more information check the man pages on an Arista switch

2 comments:

DHCP Relay with Arista

When I went to install a new set of fancy Arista switches I expected some behavioral differences  with other vendors when I got into advanced features like MLAG, VM Tracer, etc. But, DHCP relay agent? What I found was, the default behavior in the Arista software, EOS 4.6.1, meant that the switch employed the use of Option 82 out-of-the-box. In a tcpdump I noticed the switch inserted  the relay interface name in the circuit-id (sub-option 1) field. Because I was concerned sending unused options might be problematic, I opted to disable the option 82 push with the no ip dhcp relay circuit-id interface configuration command.  I later found that the aforementioned command does not disable the insertion of the circuit-id value. Instead the command reverts a value you may have configured and sets it back to the default value which is the interface name. In our example, vlan10. More importantly however, the Arista switch correctly utilizes the GIADDR DHCP field and inserts the relay interface IP address. 





1 comment:
Subscribe to: Posts (Atom)