TCP Dump

TCP Dump is a powerful and widely used command-line packet sniffer (packet analyzer) that captures or filters TCP/IP packets received or transferred over a network on a specific interface. It is available on most Linux/Unix-based operating systems. TCP Dump can also save captured packets to a file for later analysis. The file is saved in pcap format, which can be viewed with the tcpdump command or with Wireshark (Network Protocol Analyzer), an open-source UI-based tool that reads tcpdump pcap files.

TCP Dump Usage

  • Capture Packets from Specific Interface
  • Capture Only N Number of Packets
  • Print Captured Packets in ASCII
  • Display Captured Packets in HEX and ASCII
  • Capture and Save Packets in a File
  • Read Captured Packets File
  • Capture IP address Packets
  • Capture only TCP Packets
  • Capture Packet from Specific Port
  • Capture Packets from source IP

Take TCP Dump

To take a TCP dump, follow these steps:

  1. Go to Actions > TCP Dump. The TCP Dump Settings window is displayed.
Figure 53: TCP Dump Settings

2. Select the tier name from the drop-down list. The server list is populated according to the selected tier.

3. Select the server from the drop-down list.

4. On selecting the server, the interface list is populated automatically. Select the interface on which you need to capture the TCP dump from the drop-down list.

5. Selecting a server name also fills the destination path automatically. The destination path is the path where the TCP dump is stored. You can also change the destination path according to the requirements.

6. Fill in the fields such as Maximum Duration, Size, Number of Packets, and Port.

If any field value reaches its specified limit, tcpdump is stopped. Suppose you enter eth0 as the interface, a Max Duration of 120 seconds, a Size of 20 MB and 1200 as the number of packets. If the pcap file reaches 20 MB within 70 seconds, tcpdump is stopped.

7. To specify extra attributes, enter them in Additional Attributes.

8. To view the TCP command that is going to be executed based on the specifications provided, click the View TCP Command icon.

9. After providing all the required specifications, click Take TCP Dump.

Figure 54: TCP Dump Command

10. After processing the TCP Dump, a confirmation message is displayed for successful operation.

11. Click OK to close the dialog box.
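
The stop-at-first-limit behaviour described above can be reproduced around a plain tcpdump command. The shell function below is an added example, not the product's own code; the name run_limited, the one-second polling interval and the /tmp/capture.pcap path are assumptions.

```shell
#!/bin/sh
# Added example (not the product's code): end a capture at whichever limit
# is reached first. The packet-count limit is left to tcpdump's own -c option.
# Usage: run_limited MAX_SECS MAX_BYTES PCAP_FILE COMMAND [ARGS...]
# Prints why the capture ended: duration, size, or exited.
run_limited() {
    rl_max_secs=$1; rl_max_bytes=$2; rl_file=$3
    shift 3

    "$@" 1>&2 &                 # capture runs in the background; stdout kept
    rl_pid=$!                   # free so it carries only the stop reason
    rl_elapsed=0
    rl_reason=exited            # default: command ended by itself (e.g. -c hit)

    while kill -0 "$rl_pid" 2>/dev/null; do
        if [ -f "$rl_file" ]; then
            rl_size=$(($(wc -c < "$rl_file")))
        else
            rl_size=0
        fi
        if [ "$rl_size" -ge "$rl_max_bytes" ]; then
            rl_reason=size; break
        fi
        if [ "$rl_elapsed" -ge "$rl_max_secs" ]; then
            rl_reason=duration; break
        fi
        sleep 1                 # assumed polling interval
        rl_elapsed=$((rl_elapsed + 1))
    done

    # Stop the capture only if a limit tripped, then reap the process.
    [ "$rl_reason" = exited ] || kill -TERM "$rl_pid" 2>/dev/null || true
    wait "$rl_pid" 2>/dev/null || true
    echo "$rl_reason"
}

# The limits from the text (eth0, 120 seconds, 20 MB, 1200 packets).
# Capturing needs privileges, so the call is shown here rather than run:
#   umask 077   # pcap files hold payload data; keep them owner-readable only
#   run_limited 120 $((20 * 1024 * 1024)) /tmp/capture.pcap \
#       tcpdump -i eth0 -c 1200 -w /tmp/capture.pcap
```

Because the file size is polled, the pcap can overshoot the size limit by up to one polling interval of traffic.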

View TCP Dump List

To view the TCP dump list, follow these steps:

  1. Open the TCP Dump Settings page via Actions > TCP Dump, as described earlier. The TCP Dump Settings window is displayed.
Figure 55: TCP Dump Icon

2. Click TCP Dump List. The TCP Dump List is displayed with the following details.

Figure 56: TCP Dump List
  • Tier: This denotes the tier name selected while taking the TCP dump.
  • Server: This denotes the server name (corresponding to the tier) selected at the time of taking TCP Dump.
  • TCP Dump Name: This denotes the file name in which the TCP dump is stored. The file is stored in pcap format. To open or view the file, install Wireshark on the system.
  • File Size: This denotes the size of the TCP dump file in KB.
  • Duration: This denotes the duration specified (in seconds) in the TCP dump settings.
  • Packets: This denotes the number of packets received.
  • Max Duration: This denotes the actual duration of the TCP dump (in seconds).
  • Size: This denotes the size specified for the TCP dump file in MB.
  • Date: This denotes the date when the TCP dump is taken.
  • Time: This denotes the time when the TCP dump is taken.
  • TCP Command: This denotes the TCP command executed for taking the TCP dump.

Note: A user can perform the following operations in the TCP Dump List window:

  1. Delete: This button is used to delete the selected TCP dump from the list. To delete a TCP dump, click the Delete button.
  2. Download: This button is used to download the TCP dump. To download the TCP dump, click the Download button.
  3. Cancel: This button is used to cancel the TCP Dump window. To cancel the TCP Dump window, click Cancel.

Open the TCP dump file. It can be viewed below:
Figure 57: TCP Dump File

Delete TCP Dump File

To delete a TCP dump file, select the file first and then click the Delete button. The system prompts a confirmation message for deletion as shown in the figure below. Click OK to delete the file.

Figure 58: Confirmation Dialog Box

Java Heap Analyzer

The Java Heap Analyzer analyses Java heap dumps by parsing the heap dump, creating directional graphs, transforming them into directional trees, and executing the heuristic search engine.

Figure 59: Java Heap Analyzer Window

In the Java Heap Analyzer window, the user has to select the respective Tier and Server from the given drop-down.

  1. Java Instances: The following three details are shown for each instance:
  • Process ID: This field shows the process id for the corresponding process.
  • Instance Name: This field shows the name of the instance which is running.
  • Process Arguments: This field shows the arguments which are passed for the corresponding process.

Note: Once the user has selected the Tier and Server, the user can click either the All button or the ND button. The All button shows the Java instances for all the respective tiers and servers. The ND button shows the Java instances only for the NetDiagnostics (ND) tiers and servers.

  2. Memory Leak Analyzer: The memory leak analyzer offers the following ways to analyze:
  • Tabular view
  • Chart View
  • Compare

Tabular View

Figure 60: Memory Leak Analyzer Window

The tabular view has the following columns:

  • Object Type
  • Growth Rate(kb/s)
  • Heap Usage (in %)
  • Size(mb)
  • Delta Size(kb)
  • Count
  • Delta Count

Chart View

Figure 61: Chart View

Heap Compare

Figure 62: Heap Usage Comparison