Applies to: All versions of Zorp
Introduction
A tcpdump capture contains all traffic sent and received by a network interface and is invaluable in troubleshooting. Always create tcpdumps of all relevant interfaces of Zorp, e.g., the interfaces of both the client-side and the server-side connections, so that what the proxy received can be compared with what it forwarded. Currently ZMC cannot produce tcpdumps; they must be created from the command line.
Solution
To create a tcpdump, complete the following steps:
1. Log in to the Zorp host from a local console, or remotely via SSH. NOTE: SSH access must be enabled in ZMC before Zorp can be accessed remotely.
2. Execute the following command:

   tcpdump -peni ethx -s0 -w client.pcap

   where ethx is the name of the network interface connected to the clients. The captured packets are written in binary pcap format to the file client.pcap in the current working directory (the file is not readable as text, whatever extension you give it; open it with tcpdump or Wireshark).
3. In a second console or SSH session, repeat Steps 1-2 to start a tcpdump on the network interface connected to the Internet (the server side), writing to a different file, e.g., server.pcap. Do not reuse the file name: a second tcpdump writing to the same file overwrites the first capture.
4. Reproduce the error.
5. Stop both tcpdumps by pressing CTRL+C in each session.
6. Download the tcpdump files to your local machine using the scp command or a graphical scp client, like WinSCP. The files contain the full payload of the proxied connections, possibly including credentials and other sensitive data, so transfer them only over scp/SSH and restrict access to the copies.
7. Attach the files to your BOSS support request.
NOTE: tcpdump can produce very large files on high-traffic networks. Therefore, you might need to use filters to record only relevant traffic, e.g., to record traffic only from a selected IP address. Keep the capture window short: start the tcpdumps immediately before reproducing the error and stop them right after.
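The following script wraps Steps 1-7 and the filter note above into one helper. It is an added example, not part of the Zorp documentation or the Zorp product: it starts a tcpdump on the client-side and the server-side interface at the same time with an optional BPF filter, stops both on ENTER or CTRL+C, and then checks that each output file really is a capture file with at least one packet before you attach it to the support request. The interface names (eth0, eth1), the output directory (/var/tmp/case-1234) and the filter (host 192.0.2.10) are assumptions for illustration; tcpdump needs root on the Zorp host.

```shell
#!/bin/sh
# Added example, not part of the Zorp documentation: a helper for the
# two-interface capture procedure. Interface names, output directory and
# BPF filter below are assumptions for illustration. Run as root on the Zorp host.

# Print the tcpdump command line for one interface.
#   $1 interface, $2 output file, $3 optional BPF filter such as "host 192.0.2.10"
# -p: no promiscuous mode (the proxy terminates the connections, so the traffic
#     is addressed to the host anyway), -n: no name lookups, -s0: full packets.
# -e from the documented command is omitted: it only affects printed output, not -w.
capture_cmd() {
    iface=$1
    out=$2
    filter=${3:-}
    cmd="tcpdump -pni $iface -s0 -w $out"
    if [ -n "$filter" ]; then
        cmd="$cmd $filter"
    fi
    printf '%s\n' "$cmd"
}

# Return 0 if the file starts with a pcap or pcapng magic number, 1 otherwise.
# A file without the magic usually means tcpdump never started
# (wrong interface name, missing privileges).
pcap_magic_ok() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case $magic in
        a1b2c3d4|d4c3b2a1) return 0 ;;   # classic pcap, either byte order
        a1b23c4d|4d3cb2a1) return 0 ;;   # pcap with nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

# Return 0 if the file holds more than the 24-byte pcap global header,
# i.e. at least one packet record. A header-only file means the filter matched nothing.
pcap_has_packets() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -gt 24 ]
}

# Capture on the client-side and server-side interfaces at the same time,
# wait for the operator to reproduce the error, then stop both and check the files.
#   usage: capture_both eth0 eth1 /var/tmp/case-1234 ["host 192.0.2.10"]
# The directory path must not contain whitespace.
capture_both() {
    cli_if=$1
    srv_if=$2
    dir=$3
    filter=${4:-}
    mkdir -p "$dir"
    # Two distinct file names: both tcpdumps writing one file would clobber each other.
    $(capture_cmd "$cli_if" "$dir/client.pcap" "$filter") &
    cli_pid=$!
    $(capture_cmd "$srv_if" "$dir/server.pcap" "$filter") &
    srv_pid=$!
    # SIGINT makes tcpdump flush and close the file cleanly, the same as CTRL+C.
    trap 'kill -INT "$cli_pid" "$srv_pid" 2>/dev/null' INT TERM
    printf 'Capturing on %s and %s into %s. Reproduce the error, then press ENTER.\n' \
        "$cli_if" "$srv_if" "$dir"
    read dummy
    kill -INT "$cli_pid" "$srv_pid" 2>/dev/null
    wait "$cli_pid" "$srv_pid" 2>/dev/null
    for f in "$dir/client.pcap" "$dir/server.pcap"; do
        if pcap_magic_ok "$f" && pcap_has_packets "$f"; then
            printf '%s: ok, %s bytes, attach it to the support request\n' "$f" "$(wc -c < "$f")"
        else
            printf '%s: empty or not a capture file, check interface name, privileges and filter\n' "$f" >&2
        fi
    done
}

# Run only when invoked with arguments, so the functions can also be sourced.
if [ "$#" -ge 3 ]; then
    capture_both "$@"
fi
```

For long reproductions on a busy link, tcpdump's -C (rotate the output file at a given size in millions of bytes) and -W (keep only that many files) options bound the disk usage; they are not used in the script above so that each side produces a single file to attach.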
Additional information / References
For details on enabling remote SSH access to Zorp, see the Skeleton concept section in the Zorp Administrator's Guide available at
http://www.balabit.com/dl/html/zorp-admin-guide.html/ch09s04.html#pf_create_skeleton
For an introduction on tcpdump filters, see the tcpdump(8) manual page available at
http://www.tcpdump.org/tcpdump_man.html