Installing and using packet capture tools for the 8 and 9 series of the Layer 7 Gateway
CA API Management Gateway
CA API Management Gateway:Release:8.4
CA API Management Gateway:Release:8.3
At times, it is necessary to capture network traffic received by and sent from the Gateway appliance. The Gateway appliance does not come with the necessary packages to do this by default. This article describes the steps required to install the necessary RPMs and a basic command that can be used to generate a packet capture.
API Gateway 8.x and 9.x series
Follow these steps to install the tcpdump application if it is not already present on the appliance.
Download the compressed archive attached to this article to a workstation.
Upload the contents of the compressed archive to the Gateway appliance via SFTP or SCP as the
Log into the Gateway appliance as the
Select Option #3: Use a privileged shell (root).
rpm -i -vh /home/ssgconfig/libpcap-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm
rpm -i -vh /home/ssgconfig/tcpdump-4.0.0-9.20090921gitdf3cb4.2.el6.x86_64.rpm
Note: The /home/ssgconfig/ path may need to be adjusted to reflect the actual path the files were uploaded to on the appliance.
The following command is used to run the tcpdump application:
tcpdump -s 0 -i any -w /home/ssgconfig/case_number.cap
The -s option specifies where the packet capture will start. This should always be "0".
The -w option specifies where the packet capture will be written to on the file system.
The -i option specifies an interface to perform a capture against. Valid options would be (but are not limited to):
eth0, eth1, eth2, lo
The tcpdump application supports a wide array of options that are documented in the formal manual page on the Gateway appliance. A cross-platform application exists to interpret and display packet captures in a human-readable format.
can be used to view the output from tcpdump.
If required for security policies, the RPMs should be uninstalled after the data has been captured and analysed. Otherwise, it can be useful to leave them installed as it can save a lot of time in the future when it may be necessary again to capture network traffic.
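The capture and clean-up steps above can be wrapped so that the capture is bounded and the output file is readable only by its owner. This is an added example, not part of the original article. The function names, MAX_PACKETS and DRY_RUN are hypothetical, and -n and -c are standard tcpdump options that the article's command does not use.

```shell
#!/bin/sh
# Added example (not from the original article): bounded capture wrapper.
CAP_DIR="${CAP_DIR:-/home/ssgconfig}"  # capture directory used in the article
MAX_PACKETS="${MAX_PACKETS:-200000}"   # assumption: packet limit so the disk cannot fill

# Case ids become file names: allow only letters, digits, '_' and '-',
# so the output path cannot leave CAP_DIR.
valid_case_id() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Interface names such as eth0, lo or any; must not look like an option.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# run_capture CASE_ID IFACE [capture filter words...]
# The body is a subshell, so umask and variables do not leak to the caller.
run_capture() (
    [ "$#" -ge 2 ] || { echo "usage: run_capture CASE_ID IFACE [filter]" >&2; exit 2; }
    case_id="$1"; iface="$2"; shift 2
    valid_case_id "$case_id" || { echo "invalid case id" >&2; exit 2; }
    valid_iface "$iface" || { echo "invalid interface" >&2; exit 2; }
    # -s, -i, -w as in the article; -n skips DNS lookups, -c stops after MAX_PACKETS.
    set -- -s 0 -n -i "$iface" -c "$MAX_PACKETS" -w "$CAP_DIR/$case_id.cap" "$@"
    # DRY_RUN=1 prints the command instead of running it.
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "tcpdump $*"; exit 0; fi
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump is not installed" >&2; exit 3; }
    umask 077  # captures can hold credentials and payloads: owner-only file
    tcpdump "$@"
)

# Remove both packages once the capture has been collected (run as root).
remove_capture_tools() {
    rpm -e tcpdump libpcap
}
```

Any words after the interface are passed to tcpdump as a capture filter, which keeps unrelated traffic out of a file that will leave the appliance.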