
How to: TCPDump on XG



Hi everybody. 

I want to share my experience in dumping on XG with you. Most of the time, I have to write down how it is done, so I will summarize it here.


First of all, open an SSH session to your XG.


You have to use "admin" to log in.


Switch to Advanced Shell (Option 5.  and Option 3.). 


We can now perform a tcpdump. 

Refer to the man page of tcpdump for all kinds of filters.




But here are my "most used":


tcpdump -ni any 

You will see all the traffic on all Interfaces with all IPs.

I cannot recommend this because you will see the SSH Traffic as well. 


Filter the traffic with port PORTNUMBER and / or host IP_Address. Basically, you can use all kinds of logical connectives like and, or, nor etc.



tcpdump -ni any host IP_Address and port 443



You can also specify the port by replacing any with the wanted interface (Port3).

tcpdump -ni Port3 host IP_Address and port 443





For better understanding, you can write the dump into a file with -b -w /tmp/dump.pcap

Use PSCP to download this file.

You can then open this file with Wireshark and use the power of Wireshark to troubleshoot.





Let's get back to the Shell version.

If you want to see all pings, just use: 

tcpdump -ni any icmp 

In my case, I am using a bridge, so I will see the packets 3 times.

The packet arrives on Port1, will be transferred to br0 and leaves the appliance on Port2 with my MASQ IP.




Keep in mind, XG has to NAT the traffic etc. pp. So basically will not be displayed on WAN port etc. Feel free to play with those filters in tcpdump and you will find nearly everything. 


Feel free to comment and I will add everything in more detail.
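The post advises against a bare "tcpdump -ni any" because your own SSH session shows up in the output. The following is an added example, not part of the original post: a POSIX shell helper that builds a filter excluding that session and ANDs in the host and port terms used above. The function names build_filter and capture are hypothetical, and it is an assumption that the XG advanced shell exports SSH_CLIENT ("client_ip client_port server_port") the way OpenSSH's sshd does; -c (stop after N packets) is a standard tcpdump option.

```shell
#!/bin/sh
# Added example (not from the original post).
# build_filter SSH_CLIENT_VALUE [HOST] [PORT]
#   Prints a tcpdump filter that skips the admin's own SSH session and
#   restricts the capture to HOST and/or PORT. Returns 1 on bad input.
build_filter() {
    ssh_client=$1 host=$2 port=$3
    filter=""
    if [ -n "$ssh_client" ]; then
        set -- $ssh_client            # split into ip, client port, server port
        if [ $# -eq 3 ]; then
            filter="not (host $1 and tcp port $3)"
        fi
    fi
    if [ -n "$host" ]; then
        # allow only characters that occur in IPv4/IPv6 addresses and hostnames
        case $host in
            *[!0-9A-Za-z.:-]*) echo "invalid host: $host" >&2; return 1 ;;
        esac
        filter="${filter:+$filter and }host $host"
    fi
    if [ -n "$port" ]; then
        case $port in
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $port" >&2; return 1
        }
        filter="${filter:+$filter and }port $port"
    fi
    printf '%s\n' "$filter"
}

# capture IFACE OUTFILE COUNT [HOST] [PORT]
#   Writes at most COUNT packets to OUTFILE, readable only by the owner,
#   so the file in /tmp stays small and is not world-readable.
capture() {
    iface=$1 out=$2 count=$3
    bpf=$(build_filter "${SSH_CLIENT:-}" "$4" "$5") || return 1
    ( umask 077; tcpdump -ni "$iface" -c "$count" -w "$out" "$bpf" )
}

# Usage (IP_Address is the post's placeholder):
#   capture Port3 /tmp/dump.pcap 1000 IP_Address 443
```

Delete the capture file from /tmp once it has been downloaded, since it contains the raw packets.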
