
TCP Dump

This document provides instructions for using the tcpdump command to capture network traffic on a DataMover server. It outlines the following steps: 1. Link the server_mgr tool to server_tcpdump and start a capture on an interface like cge1, writing output to a file. 2. Monitor the capture process by checking its status. 3. Stop the active capture using server_tcpdump. 4. The capture file can then be viewed on the Linux control station using tcpdump or Wireshark for more detailed analysis.

Uploaded by

ravisr1976

Can I get some help on the tcpdump command specific to the user IP address?

I have been using this one for a while...


/nas/sbin/server_tcpdump server_2 -start fsn01 -w /root_vdm_1/mrrbwtrnuatfs1/trace-1 -host 10.103.101.81
/nas/sbin/server_tcpdump server_2 -start trk1 -w /dm2/tcpdump.cap
2. Monitor the process of the capture by using the following command:
/nas/sbin/server_tcpdump server_x -display
3. Stop the capture by using the following command:
/nas/sbin/server_tcpdump server_x -stop trk1
4. The Linux Control Station can be used to display the capture file, or it can be viewed in more detail with Wireshark, which is available free from www.wireshark.org.
To view the capture file using the Control Station, issue the following command as root:
/usr/sbin/tcpdump -r /nas/rootfs/slot_2/dm2/tcpdump.cap | more
https://support.emc.com/media43119

To enable the interface cge0 on server_2, type:


$ server_ifconfig server_2 cge0 up
CONDUCTING NETWORK TRACES ON DATAMOVER USING TCPDUMP: NAS 4.x +
Step 1.
Link server_mgr to server_tcpdump on CS:
# ln -s /nas/bin/server_mgr /nas/sbin/server_tcpdump
Step 2.
Start network capture:
# /nas/sbin/server_tcpdump server_2 -start ace0 -w /mnt01/tcpdump.log -max 1000 -s 1514   [-max: size in kb]
Or # /nas/sbin/server_tcpdump server_2 -start fsn0 -w /artwkgrp/artwkgrp/dmp.tst   (NAS 5.4)
Or # /nas/sbin/server_tcpdump server_2 -start cge1 -w /fs_quota/tcpdump.log -max 1000 -s 1514
server_2 :
Packet capturing started.
Step 3. Monitor capture:
# /nas/sbin/server_tcpdump server_2 -display
server_2 :
Packet capturing OK on device: cge1 , to file: /fs_quota/tcpdump.log-1
pckts captured: 38 filtered out: 0 dropped: 0
Step 4. Stopping the capture:
# /nas/sbin/server_tcpdump server_2 -stop ace0
server_2 :
Packet capturing stopped.
Step 5. Review trace on CS or download and review using Ethereal, etc.:
# /usr/sbin/tcpdump -r /nasmcd/quota/slot_2/fs_quota/dump_nosnap.log -n | more
Switches: -display | -stop ace0 | -host [IP address only, and don't abbreviate] | -s snaplen [packet size in bytes]

Note 1:
Try to use -s 1514 whenever possible to prevent truncation of SMB packets.
Note 2:
$ /nas/sbin/server_tcpdump server_2 -start cge5 -w /tmp/dmp.out   [Cannot use tcpdump from DM to write to Control Station]
PacketCapture: failed to initialize asynclog object
Engineering Facility to Run TCPDUMP:
$ .server_config server_2 -v netcap action=start device=ace0 filename=/dump/dump.log   [root of DM]
$ .server_config server_2 -v netcap action=display
$ /nas/sbin/server_tcpdump server_2 -display [Info regarding current tcpdump]
$ .server_config server_2 -v netcap action=stop device=ace0
$ /usr/sbin/tcpdump -r /nas/rootfs/slot_2/dump/dump.log -n   [Reading the capture from Control Station?]
Note: TCPDUMP requires the following passwd file entry in /etc/shadow [/etc/passwd] in order to start up:
pcap:!!:12475:0:99999:7:::
LINUX CONTROL STATION TCPDUMP:
Step 1. # /usr/sbin/tcpdump -s 2000 -w /tmp/dump1 host 192.1.5.44 and 192.1.5.23
Step 2. Starts capture between the two nodes; use Ctrl+C to stop the capture
Step 3. Display Capture: #/usr/sbin/tcpdump -vvex -r /tmp/dump1 |more
