Obtaining a packet capture on a VAP running Proventia Network IPS requires you to run a non-default tcpdump.The customer needs to perform a tcpdump on an ISS VAP but cannot obtain any useful information with the standard tcpdump command.
The default tcpdump doesn't work for the circuits bridged by the ISS application.
Proventia IPS uses a special tcpdump command to capture packets. Use the following procedure to capture the necessary information.
1). RSH to the Proventia VAP group.
2). Use the following tcpdump command to capture packets:
/etc/iss/usr/sbin/tcpdump -i provg_1
This command captures packets for all circuits monitored by the Proventia Network IPS application.
To add this command as an alias in ~/.bash_profile on the VAP:
alias tcpdump='/etc/iss/usr/sbin/tcpdump -i provg_1'
To obtain a packet capture for the management circuit, run the following command: