To dump traffic on a selected network interface, use the tech command in the EXEC mode.
tech dumptcp <0-3> count <package count>
Specifies a maximum package count, and default is continuous (no limit). |
|
If you see bad udp cksum warnings in the tech dumptcp output, it may not be a cause for concern. The tech dumptcp command examines outgoing packets before they exit through the Ethernet microprocessor. Most modern Ethernet chips calculate checksums on outgoing packets, and so the operating system software stack does not. Hence, it is normal to see outgoing packets declared as bad udp cksum.
cd-pos-dev17/admin# tech
dumptcp 0 count 30
Invoking tcpdump. Press Control-C to interrupt.
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:27:32.923319 IP (tos 0x10, ttl 64, id 1377, offset 0, flags [DF], proto: TCP (6), length: 92) 10.77.122.201.22 > 10.77.204.132.3142: P 165
9025089:1659025141(52) ack 793752673 win 12144
10:27:32.923613 IP (tos 0x10, ttl 64, id 1378, offset 0, flags [DF], proto: TCP (6), length: 156) 10.77.122.201.22 > 10.77.204.132.3142: P 52
10:27:32.940203 IP (tos 0x0, ttl 55, id 12075, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.43876:
13150 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]
10:27:32.952693 IP (tos 0x0, ttl 119, id 52324, offset 0, flags [DF], proto: TCP (6), length: 40) 10.77.204.132.3142 > 10.77.122.201.22: ., ck
sum 0x4ed3 (correct), 1:1(0) ack 168 win 64192
10:27:33.201646 IP (tos 0x0, ttl 64, id 39209, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.50340 > 72.163.128.140.53: [b
ad udp cksum b8a2!] 49140+ AAAA? cda-201.cisco.com. (35)
10:27:33.226571 IP (tos 0x0, ttl 55, id 26568, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.50340:
49140 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]
10:27:33.415173 IP (tos 0x0, ttl 64, id 39423, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.56578 > 72.163.128.140.53: [b
ad udp cksum 8854!] 62918+ AAAA? cda-201.cisco.com. (35)
10:27:33.453429 IP (tos 0x0, ttl 55, id 12076, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.56578:
62918 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]
10:27:33.579551 arp who-has 10.77.122.120 tell 10.77.122.250
10:27:33.741303 IP (tos 0x0, ttl 128, id 21433, offset 0, flags [DF], proto: UDP (17), length: 306) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHC
P, Request from e4:1f:13:77:13:34, length: 278, xid:0x1377f72b, flags: [Broadcast] (0x8000)
Client Ethernet Address: e4:1f:13:77:13:34 [|bootp]
10:27:33.788119 IP (tos 0x0, ttl 64, id 39796, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.43779 > 72.163.128.140.53: [b
ad udp cksum 2ffc!] 32798+ AAAA? cda-201.cisco.com. (35)
10:27:33.812961 IP (tos 0x0, ttl 55, id 26569, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.43779:
32798 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]
10:27:34.003769 IP (tos 0x0, ttl 64, id 40011, offset 0, flags [DF], proto: UDP (17), length: 63) 10.77.122.201.23267 > 72.163.128.140.53: [b
ad udp cksum 2e85!] 18240+ AAAA? cda-201.cisco.com. (35)
10:27:34.038636 IP (tos 0x0, ttl 55, id 26570, offset 0, flags [none], proto: UDP (17), length: 123) 72.163.128.140.53 > 10.77.122.201.23267:
18240 NXDomain* q: AAAA? cda-201.cisco.com. 0/1/0 ns: cisco.com. SOA[|domain]
10:27:34.579054 arp who-has 10.77.122.120 tell 10.77.122.250
10:27:34.927369 arp who-has 10.77.122.42 tell 10.77.122.40
10:27:35.727151 IP (tos 0x0, ttl 255, id 64860, offset 0, flags [none], proto: UDP (17), length: 317) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/D
HCP, Request from 3c:df:1e:58:0f:c0, length: 289, xid:0x161504, flags: [Broadcast] (0x8000)
Client Ethernet Address: 3c:df:1e:58:0f:c0 [|bootp]
10:27:36.190658 CDPv2, ttl: 180s, checksum: 692 (unverified), length 384