Trouble in file tcpdump upload in Mellanox switch

Hi,

I am trying to capture traffic at the Mellanox SN2410 Ethernet Switch using tcpdump. Now I want to analyze the pcap file by importing it to a remote system. I tried several ways to access the file, but I am unable to scp the file as I don’t know the location of the file, and the file stored seems not to have permission to read. I also tried to upload the file from within the switch to scp to the remote system, but that gives me a public key authentication error. Can you please help me with this issue?

Thank you,
Paridhika

Hi Paridhika,

If you are using Nvidia ONYX (which I believe you are based on the description of your problem), you may use the following syntax to accomplish what you are looking to do.

# file tcpdump upload <filename> vrf <vrf_name> scp://<username>@<hostname/IP>/<path>/<filename>

If you continue to face issues, I suggest you open a support case to get assistance.

Thank you!

Hi,

Thank you for your reply.
I am using this command:
file tcpdump upload <filename> scp://<username>@<IP>/<filename>
But it gives me Permission denied (publickey,password).
Can you please tell me what is vrf_name here?
I am trying to find out the location <path> where the tcpdump file is saved on the switch. Do you have any idea about that?

Thanks!

Hi Paridhika,

vrf_name is the vrf on the switch through which the target machine is reachable. If you are using the default vrf, then you can simply exclude the “vrf <vrf_name>” option from the command.

The Permission denied (publickey,password) error you are getting is from your target machine and has nothing to do with the ONYX switch. It indicates you are using incorrect credentials (ssh keys or password) for the user that you are attempting to authenticate with.

If you continue to face issues, you may install an SFTP application like WinSCP, sftp to the switch itself, and navigate to /var/opt/tms/tcpdumps/. In there you will find a “user” directory and a “wjh-pcaps” directory. The “user” directory is where the tcpdumps you run manually and wrote to a file are saved. The “wjh-pcaps” directory is where the “What-Just-Happened” feature writes its pcap files. From there, you will be able to copy the files off the switch to your local machine.

Hope this helps!

Hi,

That works, found my files. I can scp from the file path /var/opt/tms/tcpdumps/.

Thank you so much for the help.

Best,
Paridhika

Paridhika,

Thanks for confirming this solution worked for you! Glad we were able to sort it out. Please don’t hesitate to reach out to NVIDIA for any other queries you may have in the future.