tech

To dump traffic on a selected network interface, use the tech command in the EXEC mode.

tech dumptcp <0-3> count <package count>

Syntax Description

tech

TAC commands.

dumptcp

The command to dump a TCP package to the console.

0-3

Gigabit Ethernet interface number (0 to 3).

count

Specifies a maximum package count, and default is continuous (no limit).

package count

Supports 1–10000.

Defaults

Disabled.

Command Modes

EXEC

Usage Guidelines

If you see bad udp cksum warnings in the tech dumptcp output, it may not be a cause for concern. The tech dumptcp command examines outgoing packets before they exit through the Ethernet microprocessor. Most modern Ethernet chips calculate checksums on outgoing packets, and so the operating system software stack does not. Hence, it is normal to see outgoing packets declared as bad udp cksum.

Examples

cd-pos-dev17/admin# tech dumptcp 0 count 30

Invoking tcpdump. Press Control-C to interrupt.

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

10:27:32.923319 IP (tos 0x10, ttl 64, id 1377, offset 0, flags [DF], proto: TCP (6), length: 92) 10.77.122.201.22 > 10.77.204.132.3142: P 165

9025089:1659025141(52) ack 793752673 win 12144

10:27:32.923613 IP (tos 0x10, ttl 64, id 1378, offset 0, flags [DF], proto: TCP (6), length: 156) 10.77.122.201.22 > 10.77.204.132.3142: P 52

:168(116) ack 1 win 12144

10:27:32.940203 IP (tos 0x0, ttl 55, id 12075, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.43876:

13150 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]

10:27:32.952693 IP (tos 0x0, ttl 119, id 52324, offset 0, flags [DF], proto: TCP (6), length: 40) 10.77.204.132.3142 > 10.77.122.201.22: ., ck

sum 0x4ed3 (correct), 1:1(0) ack 168 win 64192

10:27:33.201646 IP (tos 0x0, ttl 64, id 39209, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.50340 > 72.163.128.140.53: [b

ad udp cksum b8a2!] 49140+ AAAA? cda-201.cisco.com. (35)

10:27:33.226571 IP (tos 0x0, ttl 55, id 26568, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.50340:

49140 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]

10:27:33.415173 IP (tos 0x0, ttl 64, id 39423, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.56578 > 72.163.128.140.53: [b

ad udp cksum 8854!] 62918+ AAAA? cda-201.cisco.com. (35)

10:27:33.453429 IP (tos 0x0, ttl 55, id 12076, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.56578:

62918 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]

10:27:33.579551 arp who-has 10.77.122.120 tell 10.77.122.250

10:27:33.741303 IP (tos 0x0, ttl 128, id 21433, offset 0, flags [DF], proto: UDP (17), length: 306) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHC

P, Request from e4:1f:13:77:13:34, length: 278, xid:0x1377f72b, flags: [Broadcast] (0x8000)

Client Ethernet Address: e4:1f:13:77:13:34 [|bootp]

10:27:33.788119 IP (tos 0x0, ttl 64, id 39796, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.43779 > 72.163.128.140.53: [b

ad udp cksum 2ffc!] 32798+ AAAA? cda-201.cisco.com. (35)

10:27:33.812961 IP (tos 0x0, ttl 55, id 26569, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.43779:

32798 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]

10:27:34.003769 IP (tos 0x0, ttl 64, id 40011, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.23267 > 72.163.128.140.53: [b

ad udp cksum 2e85!] 18240+ AAAA? cda-201.cisco.com. (35)

10:27:34.038636 IP (tos 0x0, ttl 55, id 26570, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.23267:

18240 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]

10:27:34.579054 arp who-has 10.77.122.120 tell 10.77.122.250

10:27:34.927369 arp who-has 10.77.122.42 tell 10.77.122.40

10:27:35.727151 IP (tos 0x0, ttl 255, id 64860, offset 0, flags [none], proto: UDP (17), length: 317) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/D

HCP, Request from 3c:df:1e:58:0f:c0, length: 289, xid:0x161504, flags: [Broadcast] (0x8000)

Client Ethernet Address: 3c:df:1e:58:0f:c0 [|bootp]

10:27:36.190658 CDPv2, ttl: 180s, checksum: 692 (unverified), length 384

Device-ID (0x01), length: 12 bytes: 'hyd04-lab-SW'[|cdp]

30 packets captured

30 packets received by filter

0 packets dropped by kernel

cda-201/admin#