How to Capture a Network Trace from a XenServer Physical Interface, Virtual Bridge, and VM Virtual Interface

How to Capture a Network Trace from a XenServer Physical Interface, Virtual Bridge, and VM Virtual Interface

book

Article ID: CTX120869

calendar_today

Updated On:

Description

This article describes how to capture a network trace from a XenServer physical interface, Virtual Bridge, and Virtual Machine Virtual Interface. 


Instructions

For troubleshooting purposes, Citrix Technical Support might request you to capture a network trace from the XenServer Physical Interface (PIF), Virtual Interface (VIF), or both.
You can use Tcpdump to capture the network traces.

To capture a network trace, complete the following procedures based on the required network trace you want to capture:

Capturing a Network Trace of a XenServer PIF

To capture a network trace of a XenServer PIF, complete the following procedure:

  1. Run the following command to identify the PIF to trace:
    xe pif-list params=device,network-uuid
    Following is the output of the preceding command:

    device ( RO)          : eth0                               
     network-uuid ( RO): b6fa59da-9bbf-fee7-9f5e-0faa094c89d9

  2. Run the following command from the command line interface to capture an unfiltered network trace on an identified PIF and write it to a file:
    tcpdump -i <device> -w /<path to file>
    Following is a sample of the preceding command:
    tcpdump -i eth0 -w /piftracefile

  3. Run the following command from the command line interface to capture an unfiltered trace that includes the packet header as well as the entire contents of the data payload, run the following command from the command line interface. Capturing the entire packet results in a larger output file.
    tcpdump -i <device> -s 0 -w /<path to file>
    Following is a sample of the preceding command:
    tcpdump -i eth0 -s 0 -w /piftracefile

  4. Press Ctrl + c to stop capturing a trace. 

Capturing a Network Trace of a Virtual Bridge

To capture a network trace of a virtual bridge, complete the following procedure:

  1. Run the following command to identify the PIF to trace:
    xe pif-list params=device,network-uuid
    Following is the output of the preceding command:

    device ( RO)          : eth0
    network-uuid ( RO): b6fa59da-9bbf-fee7-9f5e-0faa094c89d9

  2. Run the following command to identify the virtual bridge to trace:
    xe network-list uuid= <network-uuid> params=bridge,name-label
    Following is a sample of the preceding command:
    xe network-list uuid= b6fa59da-9bbf-fee7-9f5e-0faa094c89d9 params=bridge,name-label
    Following is the output of the preceding command:

    name-label ( RW)    : Pool-wide network associated with eth0
    bridge ( RO): xenbr0

  3. Run the following command from the command line interface to capture an unfiltered network trace on an identified virtual bridge and write it to a file:
    tcpdump -i <bridge> -w /<path to file>
    Following is a sample of the preceding command:
    tcpdump -i xenbr0 -w /xenbridgetrace

  4. Run the following command from the command line interface to capture an unfiltered trace that includes the packet header as well as the entire contents of the data payload. Capturing the entire packet results in a larger output file.
    tcpdump -i <bridge> -s 0 -w /<path to file>
    Following is a sample of the preceding command:
    tcpdump -i xenbr0 -s 0 -w /xenbridgetrace

  5. Press Ctrl + c to stop capturing a trace.

Capturing a Network Trace of a XenServer VM VIF

VIF names are dynamically created when a Virtual Machine is started. VIF names are formulated with the following structure, vifx.y, where x is the domain ID of the virtual machine and y is the device number. Domain ID is a dynamic part of the VIF name because it might change on the virtual machine start up.

To capture a network trace of a XenServer VM vif, complete the following procedure:
  1. Start the virtual machine and run the following command to identify the domain ID of the virtual machine to trace:
    xe vm-list name-label=<name of vm> params=dom-id
    Following is a sample of the preceding command:
    xe vm-list name-label=cps_att  params=dom-id
    Following is the output of the preceding command:

    dom-id ( RO)    : 16

  2. Run the following command to identify the VIF device number.
    xe vif-list vm-name-label=<name of vm>
    Following is a sample of the preceding command:
    xe vif-list vm-name-label=cps_att params=device
    Following is the output of the preceding command:

    device ( RO)    : 0

  3. Run the following command from the command line interface to capture an unfiltered network trace on the required VIF and write it to a file:
    tcpdump -i vif<dom-id>.<device> -w /<path to file>
    Following is a sample of the preceding command:
    tcpdump -i vif16.0 -w /xenviftrace

  4. Run the following command from the command line interface to capture an unfiltered trace that includes the packet header as well as the entire contents of the data payload. Capturing the entire packet results in a larger output file.
    tcpdump -i vif<dom-id>.<device> -s 0 -w /<path to file>
    Following is a sample of the preceding command:
    tcpdump -i vif16.0 -s 0 -w /xenviftrace

  5. Press Ctrl + c to stop capturing a trace.

Issue/Introduction

This article describes how to capture a network trace from a XenServer physical interface, Virtual Bridge, and Virtual Machine Virtual Interface.

Additional Information

References : How to Find dom-id or Domain ID of Virtual Machines Running On XenServer