Specifications

3-229

Cisco Wide Area Application Services Command Reference

OL-11817-01

Chapter 3 CLI Commands

tcpdump

To dump network traffic, use the tcpdump EXEC command.

tcpdump [LINE]

Syntax Description

Defaults No default behavior or values

Command Modes EXEC

Device Modes application-accelerator

central-manager

Usage Guidelines TCPdump is a utility that allows a user to intercept and capture packets passing through a network

interface, making it useful for troubleshooting network applications.

During normal network operation, only the packets which are addressed to a network interface are

intercepted and passed on to the upper layers of the TCP/IP protocol layer stack. Packets which are not

addressed to the interface are ignored. In Promiscuous mode, the packets which are not intended to be

received by the interface are also intercepted and passed on to the higher levels of the protocol stack.

TCPdump works by putting the network interface into promiscuous mode. TCPdump uses the free

libpcap (packet capture library).

Use the -h option to view the options available, as shown in this example:

WAE# tcpdump -h

tcpdump version 3.8.1 (jlemon)

libpcap version 0.8

Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]

[ -E algo:secret ] [ -F file ] [ -i interface ] [ -r file ]

[ -s snaplen ] [ -T type ] [ -w file ] [ -y datalinktype ]

[ expression ]

Examples The following example starts a network traffic dump to a file named tcpdump.txt:

WAE# tcpdump -w tcpdump.txt

Related Commands less

ping

tethereal

traceroute

LINE (Optional) Dump options.