tcpdump utility
CipherTrust Manager includes partial functionality of tcpdump to troubleshoot network problems.
Note
The CipherTrust Manager version of tcpdump has important differences from the full version, which affect supported tcpdump commands. These usage differences are specified below.
The "ksadmin" user can remotely access the CipherTrust Manager tcpdump utility in a private cloud deployment by accessing the Console, or in a physical appliance deployment, by directly connecting to the appliance's console port and using your ksadmin password.
Logging in as ksadmin user
To log in as ksadmin, you must first connect to the CipherTrust Manager console.
To connect and log in to the console for public cloud deployments
Consult public cloud documentation on SSH access to images. An SSH key for ksadmin login was provided during Virtual CipherTrust Manager launch on a supported public cloud.
To connect and log in to the console for private cloud deployments
Using SSH, you can remotely connect to the console port of a Virtual CipherTrust Manager instance deployed in a private cloud (e.g. VMware vSphere and HyperV).
Using an SSH utility (e.g. PuTTY), select an SSH session and enter the IP address assigned to the CipherTrust Manager instance during deployment. This is the same IP address used to browse to the GUI.
If using PuTTY, make sure your SSH keys are in ppk format. If they are in PEM format, you can convert them to ppk (e.g., using PuTTYgen utility).
Using the SSH utility, select the path to your SSH Private Key you will use to authenticate the session.
Select Open to start the SSH session.
To connect and log in to the console (for physical appliance deployments)
Using a serial cable, you can directly connect your console device (e.g. laptop) to the console port of a physical appliance (k470 and k570).
Connect the serial cable from your console device to the physical appliance console port.
Log in to the physical appliance as ksadmin user using the password you created during Appliance Initialization; refer to Appliance Initialization.
Example Syntax
sudo tcpdump -i <network_interface> [-n] [-c] [[src|dst] host <IP_address>] [[src|dst] port <port_number>]
Required syntax
You must specify sudo.
You must specify a network interface with the -i argument. Available network interfaces depend on the CipherTrust Manager deployment type: physical, public cloud, or private cloud.
To view available network interfaces, run sudo tcpdump with no arguments.
Options
-c - Abbreviation for "count". Use this to specify a number of packets to display before exiting.
-n - Abbreviation for "number". Display traffic source and destinations as IP addresses and port numbers instead of host names.
host - Filter displayed data to traffic involving the provided IP address. Optionally combine with src or dst to further filter.
port - Filter displayed data to traffic involving the provided port number. Optionally combine with src or dst to further filter.
src - Abbreviation for "source". Use with a host or port value to filter displayed data to any traffic from the provided IP address or port number.
dst - Abbreviation for "destination". Use with a host or port value to filter displayed data to any traffic to the provided IP address or port number.
Usage differences from full version of tcpdump
The CipherTrust Manager installation of tcpdump has the following important usage differences from the full version:
It only supports the arguments specified in the usage statement, which is displayed when you enter tcpdump with no arguments. These arguments are fully documented in the required syntax and options sections.
It does not support specifying the and/or/not operator keywords. If you provide both a host and a port value, they are implicitly combined, equivalent to an and expression in the full tcpdump version.
It allows you to specify host, src host, dst host, port, src port or dst port before or after any other options. The full version of tcpdump enforces that these options must be at the end of the command.
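As an added example (not part of the CipherTrust Manager documentation or product), the shell function below checks a command line against the subset described above before it is typed at the console. The function name ctm_tcpdump_check and the address 192.0.2.10 are illustrative, and the check assumes that -c is followed by a packet count.

```shell
# Added example: validates arguments against the subset documented on this page.
# ctm_tcpdump_check is a hypothetical helper, not a CipherTrust Manager command.
ctm_tcpdump_check() {
    iface=""
    # sudo is required, and the command must be tcpdump.
    [ "$1" = "sudo" ] && [ "$2" = "tcpdump" ] || {
        echo "must start with: sudo tcpdump" >&2; return 1; }
    shift 2
    while [ $# -gt 0 ]; do
        case "$1" in
            -i) [ $# -ge 2 ] || { echo "-i needs an interface" >&2; return 1; }
                iface=$2; shift 2 ;;
            -n) shift ;;
            -c) # Assumption: -c takes a numeric packet count.
                case "$2" in
                    ''|*[!0-9]*) echo "-c needs a packet count" >&2; return 1 ;;
                esac
                shift 2 ;;
            and|or|not)
                echo "operator '$1' is not supported; host and port are ANDed implicitly" >&2
                return 1 ;;
            src|dst) # Direction qualifier must be followed by host or port.
                case "$2" in
                    host|port) shift ;;
                    *) echo "'$1' must be followed by host or port" >&2; return 1 ;;
                esac ;;
            host) [ $# -ge 2 ] || { echo "host needs an IP address" >&2; return 1; }
                shift 2 ;;
            port) case "$2" in
                    ''|*[!0-9]*) echo "port needs a number" >&2; return 1 ;;
                esac
                [ "$2" -le 65535 ] || { echo "port out of range" >&2; return 1; }
                shift 2 ;;
            *) echo "unsupported argument: $1" >&2; return 1 ;;
        esac
    done
    # A network interface is mandatory; filters may appear in any position.
    [ -n "$iface" ] || { echo "-i <network_interface> is required" >&2; return 1; }
}

# Constructed sample input: filters placed before -i are accepted by this subset.
ctm_tcpdump_check sudo tcpdump src host 192.0.2.10 -i ens32 -n -c 20 dst port 443 \
    && echo "accepted"
# An expression written for full tcpdump is rejected because of the 'and' keyword.
ctm_tcpdump_check sudo tcpdump -i ens32 host 192.0.2.10 and port 443 \
    || echo "rejected"
```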
Example Command
sudo tcpdump -i ens32
Response
Refer to Output Format in tcpdump documentation to interpret displayed traffic.