Most of this has to be done as the root user.
To capture UDP network traffic from your Linux system, get 'tcpdump' as either:
RHEL/CentOS:
# yum install tcpdump
Debian/Ubuntu:
# apt-get install tcpdump
List your network adapters and identify the one to listen to (example):
# tcpdump -D
1.eth0
2.nflog (Linux netfilter log (NFLOG) interface)
3.nfqueue (Linux netfilter queue (NFQUEUE) interface)
4.usbmon1 (USB bus number 1)
5.any (Pseudo-device that captures on all interfaces)
6.lo [Loopback]
Use this command to capture TCP traffic (example):
# tcpdump -i eth0 -nn tcp -w capture.pcap (type Ctrl-C to end)
Use this command to capture UDP traffic (example):
# tcpdump -i eth0 -nn udp -w udpcapture.pcap (type Ctrl-C to end)
The '-nn' option keeps IP addresses and port numbers numeric, so tcpdump does not slow the capture or alter the output with DNS and service-name lookups.
Capture from just before application startup through the problem, then stop 'tcpdump' with Ctrl-C, ZIP the .pcap file and attach it to the case.
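As an added example (not part of the original page), a POSIX shell script that wraps the steps above: it picks an interface from 'tcpdump -D' output by its index number, builds the capture command with '-nn', runs it until Ctrl-C, and compresses the resulting .pcap for attaching to the case. The function names, the use of gzip instead of ZIP, and the '--run' argument are my assumptions; it must be run as root with tcpdump installed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes tcpdump is installed
# and the script runs as root; function names and --run are assumptions.

# Extract the interface name for a given index from `tcpdump -D` output read
# on stdin. Lines look like "1.eth0", "5.any (Pseudo-device ...)" or
# "6.lo [Loopback]"; the name is the second field split on '.' or space.
iface_from_list() {
    # $1 = index number shown by tcpdump -D
    awk -v n="$1" -F'[. ]' '$1 == n { print $2; exit }'
}

# Build the capture command line. -nn keeps addresses and ports numeric,
# -w writes raw packets to a pcap file; the filter is restricted to udp or tcp.
build_capture_cmd() {
    # $1 = interface, $2 = protocol filter (udp|tcp), $3 = output file
    case "$2" in
        udp|tcp) ;;
        *) echo "unsupported protocol filter: $2" >&2; return 1 ;;
    esac
    printf 'tcpdump -i %s -nn %s -w %s\n' "$1" "$2" "$3"
}

# Run the capture until Ctrl-C, then compress the pcap for the case.
capture_and_pack() {
    # $1 = interface, $2 = protocol filter, $3 = output file (e.g. udpcapture.pcap)
    cmd=$(build_capture_cmd "$1" "$2" "$3") || return 1
    echo "Starting: $cmd   (press Ctrl-C to stop)"
    tcpdump -i "$1" -nn "$2" -w "$3"    # exits when interrupted with Ctrl-C
    # gzip -c is portable (busybox gzip lacks -k); the page asks for ZIP,
    # which is an assumption swapped for gzip here
    gzip -c "$3" > "$3.gz" && echo "Attach $3.gz to the case"
}

# Usage as root: sh capture.sh --run udp udpcapture.pcap
# The interface index (1 = eth0 in the listing above) is taken from the listing.
if [ "${1:-}" = "--run" ]; then
    iface=$(tcpdump -D | iface_from_list 1)
    capture_and_pack "$iface" "${2:-udp}" "${3:-udpcapture.pcap}"
fi
```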
The packet capture may be opened in Wireshark (https://www.wireshark.org/download.html) for review.
Understanding what is in each packet and what should be in each packet is left to the experts.