Expressway rotating PCAPs

Sometimes it's good to also have a full packet capture from Expressway for specific calls. Here we go:

How to enable it:

1. Open an SSH session to the Expressway server and log in as root
2. Start tcpdump with the appropriate filter, see below:

tcpdump -i any -s 0 -C 50 -W 25 -w /mnt/harddisk/log/<set a name>_$(hostname)_ &

How to stop the rotating tcpdump once the issue has occurred:

1. Look up the process ID using the "pidof tcpdump" command
2. Kill this process using the "kill <pid-of-previous-command>" command
3. Collect the files named <set a name>_(hostname) from the /mnt/harddisk/log folder using WinSCP
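
The start, stop and collect steps above as shell helpers. This is an added example, not part of the original post: the function names, the PID file and the free-space check are assumptions. It stops only the capture it started and lists the ring files oldest first, because the ring wraps and the file numbers are not chronological.

```shell
# Added example: helpers around the rotating capture (hypothetical names).
CAP_DIR="${CAP_DIR:-/mnt/harddisk/log}"   # capture directory used on the page

# Worst-case disk use of the ring: -C <size> times -W <count>.
# tcpdump counts -C in millions of bytes, so this slightly overestimates MiB.
ring_budget_mb() { echo $(( $1 * $2 )); }

# Free space in MiB on the filesystem holding directory $1.
free_mb() { df -Pk "$1" | awk 'NR==2 {print int($4/1024)}'; }

# Start the capture only if the whole ring fits, and remember its PID.
start_capture() {  # usage: start_capture <name> [size] [count]
    name=$1; size=${2:-50}; count=${3:-25}
    need=$(ring_budget_mb "$size" "$count")
    have=$(free_mb "$CAP_DIR")
    if [ "$have" -lt "$need" ]; then
        echo "need ${need} MB, only ${have} MB free in $CAP_DIR" >&2
        return 1
    fi
    tcpdump -i any -s 0 -C "$size" -W "$count" \
        -w "$CAP_DIR/${name}_$(hostname)_" &
    echo $! > "$CAP_DIR/${name}.pid"   # assumed PID file, not from the page
}

# Stop only the capture started above, not every tcpdump on the box.
stop_capture() {  # usage: stop_capture <name>
    kill "$(cat "$CAP_DIR/$1.pid")" && rm -f "$CAP_DIR/$1.pid"
}

# List the ring files by modification time, oldest first, so the files
# covering the issue can be picked out before copying them off.
ring_files_oldest_first() {  # usage: ring_files_oldest_first <name>
    ls -1tr -- "$CAP_DIR/$1"_*_[0-9]* 2>/dev/null
}
```
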

Happy Capture!!
