- Veeam Support Knowledge Base
- Packet Capture Use Examples
Packet Capture Use Examples
This article is not intended as a guide to using tshark or tcpdump. Links to the manuals for those products can be found in the More Information section of this article.
This article intends to provide customers with examples of the capture methods used by Veeam Support. There is an expectation that the reader will have some existing experience using Wireshark, tshark, or tcpdump.
Purpose
This article provides examples of commands for packet capture in Windows (using tshark) and Linux (using tcpdump). This can be useful when testing connectivity and specific ports outside of Veeam software components, which is necessary to isolate network connectivity or throughput issues as part of other troubleshooting.
Note: tshark is a component of Wireshark and installed using the same installer.
Solution
Limitations and Considerations
- The tshark examples below are formatted for the PowerShell console and may fail if used in a Command Prompt.
- The use case examples filter based on IP address. You'll need to update them with the correct source and destination IP addresses for the traffic you are attempting to capture.
- If a machine has more than one NIC with an IP address, you'll need to update the examples using the IP associated with the NIC that handles the traffic you are attempting to capture.
- In the use case examples, some examples have a placeholder for the port, and you'll need to review the Ports list to identify the correct port for the traffic you are attempting to capture.
- The packet captures require that you specify an interface name or number. To check the interface identifiers:
- For Windows:
.\tshark.exe -D
- For Linux:
ip a
- For Windows:
Communication Issues Betwen Data Movers
- Windows source (VMware Proxy, Agent machine, Plugin machine):
.\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w 'C:\TShark\Source.pcap' -f 'portrange 2500-3300 and host <Target-IP>'
- Linux source (VMware Proxy, Agent machine, Plugin machine):
tcpdump -i <Interface-ID> -s 80 -C 500 -W 20 -w /tmp/tcpdump/Source.pcap portrange 2500-3300 and host <Target-IP>
- Windows target (Repository, Gateway):
.\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w 'C:\TShark\Target.pcap' -f 'portrange 2500-3300 and host <Source-IP>'
- Linux target (Repository, Gateway):
tcpdump -i <Interface-ID> -s 80 -C 500 -W 20 -w /tmp/tcpdump/Target.pcap portrange 2500-3300 and host <Source-IP>
Communication Issue Between A Server (Managed server, Agent server, Oracle server) and the Veeam Backup Server
- Veeam Backup Server
.\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w 'C:\TShark\VBR.pcap' -f 'port XXXX and host <Remote-Machine-IP>'
- Remote Windows Machine
.\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w "C:\TShark\Server.pcap" -f 'port XXXX and host <VBR-IP>'
- Remote Linux Machine
tcpdump -i <Interface-ID> -s 80 -C 500 -W 20 -w /tmp/tcpdump/Server.pcap port XXXX and host <VBR-IP>
More Information
Usage Tips
- When capturing data on a specific port, you can test if that port is accepting incoming traffic and that the capture is capturing that traffic by using the techniques documented in KB4444: How to Test Port Connectivity.
- It is possible to capture packets on multiple interfaces; review the manual for the tool you are using for more information.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.