NAC Troubleshooting Tips - common tcpdump commands used for isolating issue

Objective
Use tcpdump commands in the SSH shell of NAC to troubleshoot issues.
Environment
  • Netsight NAC
  • Linux
  • Ubuntu
  • Tcpdump
Procedure
SSH to the NAC appliance on which you wish to run the tcpdump command.

For ALL examples, use Control-C to stop the packet capture. To limit capture size, read Additional notes below.

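For issues with RADIUS or authentication coming from a source switch or wireless controller, use the command below as an example. The two ports are joined with "or" so that both authentication (1812) and accounting (1813) packets match; a filter that joins them with "and" only matches packets that use both ports at once.

tcpdump -i eth0 -s0 port 1812 or port 1813 -w radius.pcap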

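Note that it may be easier if you know the target device sending the RADIUS packets. In that case, add its IP address to the command. The port test is grouped in parentheses so that the host condition applies to both ports, and the filter is quoted so the shell does not interpret the parentheses.
tcpdump -i eth0 -s0 '(port 1812 or port 1813) and host 1.2.3.4' -w radius.pcap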

If one omits the -w radius.pcap, the packets are printed to the screen with limited detail. This is often used to check whether any traffic is seen at all before capturing to a file.

For issues with the NAC Captive Portal, here is a common example:
tcpdump -i eth0 -s0 '(port 80 or port 445) and host <host IP of connecting device to portal>' -w portal_trace.pcap

For issues with LDAP authentication:
tcpdump -i eth0 -s0 port 389 or port 636

 
Additional notes
  • Using the -w flag with a bare file name leaves the file in the default directory that one logs into the appliance with. Giving a path, for example -w /home/radius.pcap, places the file in the /home directory.
  • Additional flags that are useful: to create 10 1MB files, add the following flags (note the capital letters): -C 1 -W 10
  • Use WinSCP or other SCP/SFTP client to extract data from this location to view with the gold standard application Wireshark.
  • How to use WinSCP to copy files to and from a Netsight / Extreme Control Center Appliance
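
The following Python is an added example, not part of the original article or of the appliance's tooling: it reads a radius.pcap written by the commands above, counts the RADIUS message types, and lists requests that never received a reply, which is a quick check before opening the file in Wireshark. The function names, the sample addresses and the availability of Python 3 where the file is read are assumptions of this example, and the embedded capture is constructed.

```python
import struct
from collections import Counter

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}

def radius_summary(pcap: bytes):
    """Return (message counts, unanswered requests) for a classic Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts, pending, off = Counter(), set(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Untagged IPv4/UDP only; VLAN-tagged frames and non-first IP fragments are skipped.
        if (len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17
                or int.from_bytes(frame[20:22], "big") & 0x1FFF):
            continue
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 10:
            continue
        sport, dport = struct.unpack("!HH", udp[:4])
        if not {sport, dport} & {1812, 1813}:
            continue
        code, ident = udp[8], udp[9]
        counts[CODES.get(code, f"code-{code}")] += 1
        if code in (1, 4):   # request: remember (client IP, client port, ID)
            pending.add((frame[26:30], sport, ident))
        else:                # reply: clears the request it answers
            pending.discard((frame[30:34], dport, ident))
    return counts, pending

def build_frame(src, dst, sport, dport, code, ident):  # constructed sample data
    radius = bytes([code, ident]) + struct.pack("!H", 20) + bytes(16)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(radius), 0) + radius
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, bytes(src), bytes(dst))
    return bytes(12) + b"\x08\x00" + ip + udp

SWITCH, NAC = (10, 0, 0, 5), (10, 0, 0, 10)   # constructed addresses
FRAMES = [build_frame(SWITCH, NAC, 40000, 1812, 1, 1), build_frame(NAC, SWITCH, 1812, 40000, 2, 1),
          build_frame(SWITCH, NAC, 40000, 1812, 1, 2),   # ID 2 is never answered
          build_frame(SWITCH, NAC, 40000, 1812, 1, 3), build_frame(NAC, SWITCH, 1812, 40000, 3, 3)]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

if __name__ == "__main__":
    print(radius_summary(SAMPLE))
```

To use it on a real capture, pass the file contents, for example radius_summary(open("radius.pcap", "rb").read()). Requests left in the second return value were seen on the wire but got no reply within the capture.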
