How to: tcpdump UCS Management traffic.

Rather than regurgitate all the information, here is the skinny:

  1. SSH into your UCS chassis (aka primary fabric interconnect)
  2. connect nxos
  3. ethanalyzer local interface mgmt limit-captured-frames 2000 write volatile:/mycapture.cap
    1. ethanalyzer is the command
    2. local is the default
    3. interface lets us tell it where we want to capture packets from.
    4. mgmt is the one I'm interested in
    5. limit-captured-frames is there because the capture is limited to 10 frames by default, which finishes way too fast when troubleshooting.
    6. write outputs a capture file located in volatile memory (it is deleted when the FI is rebooted).
  4. Exit
  5. connect local-mgmt
  6. cp volatile:/mycapture.cap scp://username@linuxservername/somepath
    1. Where 'scp' is specified, ftp, sftp, tftp, volatile, or workspace can be used as well.
    2. The capture file can be read in applications like Wireshark.
This helped me figure out my LDAP Authentication issues.

The full article and explanation of how to do what I've outlined above was found here:

Thanks to Jeff for his write-up, otherwise I would've never gotten anywhere with TAC.

Command to capture only LDAP-related traffic (TCP port 389):
ethanalyzer local interface mgmt capture-filter "tcp port 389" limit-captured-frames 2000 write volatile:/mycapture.cap

Or, if you're using LDAPS, you need to capture port 636 instead, although since that session is TLS-encrypted I'm not sure how useful the data will be.

ethanalyzer local interface mgmt capture-filter "tcp port 636" limit-captured-frames 2000 write volatile:/mycapture.cap
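Once the .cap file has been copied to the Linux box, the thing to look for is the LDAP bind result. The script below is an added example, not part of the original post or of Cisco's tooling: it walks a classic libpcap file, keeps the TCP port 389 payloads, and decodes the LDAP BindRequest/BindResponse messages to report the bind DN and the server's resultCode (49 = invalidCredentials, the one that usually explains a failed UCS login). It assumes the capture is in classic pcap format (if your ethanalyzer version writes pcapng, save it as pcap from Wireshark first). It builds its own constructed two-message capture so it runs offline; the 10.0.0.x addresses, the DN and the diagnostic text are made up.

```python
"""Summarise LDAP bind attempts from a classic libpcap capture (TCP port 389 traffic)."""
import struct
from typing import Dict, Iterator, List, Tuple

LDAP_PORT = 389
# LDAP resultCode values from RFC 4511 (the subset that matters for auth troubleshooting)
RESULT_CODES = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                32: "noSuchObject", 34: "invalidDNSyntax", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights", 53: "unwillingToPerform"}


def ber_read(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER TLV at pos; return (tag, value, next_pos). Handles short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def ber_children(value: bytes) -> List[Tuple[int, bytes]]:
    """Split a constructed BER value into its (tag, value) children."""
    out, pos = [], 0
    while pos + 2 <= len(value):
        tag, val, pos = ber_read(value, pos)
        out.append((tag, val))
    return out


def tcp_payloads(pcap: bytes) -> Iterator[Tuple[str, int, str, int, bytes]]:
    """Yield (src_ip, sport, dst_ip, dport, payload) for each Ethernet/IPv4/TCP frame in a classic pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # magic number gives the record byte order
    pos = 24                                        # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, pos)
        frame, pos = pcap[pos + 16:pos + 16 + incl_len], pos + 16 + incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800 or frame[23] != 6:
            continue                                # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield src, sport, dst, dport, tcp[(tcp[12] >> 4) * 4:]   # skip TCP header + options


def ldap_bind_summary(pcap: bytes) -> List[Dict]:
    """One record per LDAP BindRequest / BindResponse seen on TCP port 389."""
    events = []
    for src, sport, dst, dport, payload in tcp_payloads(pcap):
        if LDAP_PORT not in (sport, dport):
            continue
        pos = 0
        while pos + 2 <= len(payload):
            tag, msg, pos = ber_read(payload, pos)
            if tag != 0x30:                     # LDAPMessage ::= SEQUENCE { messageID, protocolOp }
                break
            fields = ber_children(msg)
            msg_id = int.from_bytes(fields[0][1], "big")
            op_tag, op_val = fields[1]
            if op_tag == 0x60:                  # BindRequest [APPLICATION 0]: version, name, authentication
                name = ber_children(op_val)[1][1].decode(errors="replace")
                events.append({"id": msg_id, "op": "bindRequest", "from": f"{src}:{sport}", "name": name})
            elif op_tag == 0x61:                # BindResponse [APPLICATION 1]: resultCode, matchedDN, diagnosticMessage
                parts = ber_children(op_val)
                code = int.from_bytes(parts[0][1], "big")
                events.append({"id": msg_id, "op": "bindResponse", "from": f"{src}:{sport}",
                               "resultCode": code, "result": RESULT_CODES.get(code, str(code)),
                               "diag": parts[2][1].decode(errors="replace")})
    return events


# ---- constructed sample capture so the script runs offline (addresses and DN are made up) ----
def ber(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value     # short-form length only; enough for this sample


def frame(src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"            # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)  # PSH/ACK, no options
    return eth + ip + tcp + payload


def build_sample_pcap() -> bytes:
    fi, dc = "10.0.0.5", "10.0.0.10"            # constructed: fabric interconnect and LDAP server
    bind_req = ber(0x30, ber(0x02, b"\x01") + ber(0x60, ber(0x02, b"\x03")
                   + ber(0x04, b"cn=ucs-bind,dc=example,dc=com") + ber(0x80, b"wrong-password")))
    bind_resp = ber(0x30, ber(0x02, b"\x01") + ber(0x61, ber(0x0A, b"\x31")
                    + ber(0x04, b"") + ber(0x04, b"constructed diagnostic: bad bind password")))
    frames = [frame(fi, 51000, dc, 389, bind_req), frame(dc, 389, fi, 51000, bind_resp),
              frame(fi, 51001, dc, 22, b"not ldap")]   # third frame shows the port filter at work
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # global header, linktype Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for e in ldap_bind_summary(data):
        print(e)
```

Run it as `python3 ldap_binds.py mycapture.cap` against the file copied off the FI; with no argument it decodes the built-in sample and prints one bindRequest for cn=ucs-bind and one bindResponse with resultCode 49 (invalidCredentials). Keep in mind that a port 389 simple bind sends the bind password in the clear, so the capture file itself contains that credential; delete it from the Linux box once the troubleshooting is done.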
