How to collect network traces using inbuilt utilities
This article applies to:
- OS: Linux and Windows
- Product edition: Phoenix
This article describes procedures to collect network trace on Linux, macOS, and Windows systems.
Collect network trace
Follow the steps provided below for the respective operating systems. The commands specified in the procedure must be run from an elevated command prompt.
Reserve adequate free space in the drive on which the trace files will be saved to avoid running out of disk space.
Use the tcpdump tool to collect the network trace.
- In most Linux systems, tcpdump tool is pre-installed. If the tool is not installed, install it with the following command:
yum install tcpdump
- Determine the name of the active network adapter using any of the below commands.
Collect the network packets and save them in a pcap file
tcpdump -w /tmp/0001.pcap -i en0
/tmp is the location where we want to save the capture
0001.pcap is the name of the capture file
en0 is the name of the active adapter derived in Step 2
Reproduce the issue.
Use Ctrl+C to stop the capture.
Collect the /tmp/0001.pcap and send it for analysis.
Use the netsh tool to capture etl tracing.
- Create a temporary directory. C:\temp1 is created as an example to explain this procedure.
- Start the trace with the following command:
NETSH TRACE START CAPTURE=YES TRACEFILE=c:\temp1\example.etl
- example.etl is the name of the trace file.
- c:\temp1 is the location where the trace file is saved.
- Reproduce the issue.
- Stop the trace with the following command:
NETSH TRACE STOP
- Collect the entire C:\Temp1 directory and share it with support in a zipped file for analysis.