NAC Troubleshooting Tips - common tcpdump commands used for isolating issue

Use tcpdump commands in the SSH shell of NAC to troubleshoot issues.
  • Netsight NAC
  • Linux
  • Ubuntu
  • Tcpdump
  • search on mac, IP, port
SSH to the NAC Appliance you wish to run the tcpdump command on

For ALL examples, use Control-C to stop the packet capture. To limit capture size, read Additional notes below.

For issues with RADIUS or authentication coming from a source switch or wireless controller, use the following as an example
tcpdump -i eth0 -s 0 port 1812 or port 1813 -w radius.pcap

Note that it may be easier if you know the target device sending the RADIUS packets. In that case, add its IP address to the command.
tcpdump -i eth0 -s 0 port 1812 or port 1813 and host <IP address of device sending RADIUS packets> -w radius.pcap
If the -w radius.pcap option is omitted, the information prints to the screen with limited detail. This is often used to check whether any traffic is seen at all before capturing to a file.

If one is troubleshooting wireless and wants some RFC 3576 information, add port 3799
tcpdump -i eth0 -s 0 port 1812 or port 3799 and host <IP address of device sending RADIUS packets> -w radiusW3799.pcap

For issues with the NAC Captive Portal here is a common example
tcpdump -i eth0  -s 0 port 80 or port 443 and host <host IP of connecting device to portal> -w portaltrace.pcap

For issues with LDAP Authentication
tcpdump -i eth0 -s 0 port 389 or port 636

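To search on multiple parameters, combine the following arguments with 'and' / 'or'. tcpdump gives 'and' and 'or' equal precedence and evaluates them left to right, so 'port 1812 or port 1813 and host <IP>' matches either port for that host.
  • port - tcp/udp port
  • host - ip address search
  • ether dst, ether src, ether host - MAC address search
tcpdump -i eth0 port 1812 and ether host <MAC address of device>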
Additional notes
  • Run the timeout command before tcpdump to have the command run for a certain number of seconds. For example, 'timeout 120 tcpdump' will run for 120 seconds and then stop.
  • Using the -w flag with a bare file name leaves the file in the default directory that one logs into the appliance with. Giving a path under /home, such as -w /home/radius.pcap, places the file in the /home directory.
  • Additional flags that are useful: to create 10 1MB files, use the following additional flags. Note the capital letters. -C 1 -W 10
  • Use WinSCP or other SCP/SFTP client to extract data from this location to view with the gold standard application Wireshark.
  • How to use WinSCP to copy files to and from a Netsight / Extreme Control Center Appliance
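
The filters above, combined with the timeout, -w path and -C/-W notes, as an added example that is not part of the original article: a shell helper that assembles the capture command with the port group in explicit parentheses and checks the target's shape before use. The function names, the /home output path and any addresses passed in are assumptions.

```shell
#!/bin/bash
# Added example, not from the original article. Function names, the /home
# output path and any addresses passed in are assumptions.

# nac_filter ISSUE [TARGET]
#   ISSUE  : radius | radius-coa | portal | ldap
#   TARGET : optional IPv4 or MAC address of the device of interest
nac_filter() {
    local ports target="${2:-}" target_expr=""
    case "$1" in
        radius)     ports="port 1812 or port 1813" ;;
        radius-coa) ports="port 1812 or port 3799" ;;
        portal)     ports="port 80 or port 443" ;;
        ldap)       ports="port 389 or port 636" ;;
        *) echo "unknown issue type: $1" >&2; return 1 ;;
    esac
    if [ -n "$target" ]; then
        # Shape check only, so stray shell or filter syntax is rejected.
        if printf '%s' "$target" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            target_expr=" and host $target"
        elif printf '%s' "$target" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
            target_expr=" and ether host $target"
        else
            echo "not an IPv4 or MAC address: $target" >&2; return 1
        fi
    fi
    # Parentheses make the grouping explicit: (any listed port) AND the target.
    echo "(${ports})${target_expr}"
}

# nac_capture_cmd ISSUE SECONDS [TARGET]
#   Prints the full command for review: time-limited, written under /home,
#   rotated across 10 files of 1 MB each (-C 1 -W 10).
nac_capture_cmd() {
    local filter
    filter=$(nac_filter "$1" "${3:-}") || return 1
    case "$2" in ''|*[!0-9]*) echo "seconds must be a number" >&2; return 1 ;; esac
    printf "timeout %s tcpdump -i eth0 -s 0 -C 1 -W 10 -w /home/%s.pcap '%s'\n" \
        "$2" "$1" "$filter"
}

# Example call: ./nac_capture.sh radius 120 192.0.2.10
if [ "$#" -ge 2 ]; then
    nac_capture_cmd "$@"
fi
```

The helper only prints the command, so it can be reviewed and then pasted into the SSH session on the appliance.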


