Packet Capture Use Examples

KB ID: 2256
Published: 2017-03-07
Last Modified: 2024-02-26

Intended Audience

This article is not intended as a guide to using tshark or tcpdump. Links to the manuals for those products can be found in the More Information section of this article.

This article intends to provide customers with examples of the capture methods used by Veeam Support. There is an expectation that the reader will have some existing experience using Wireshark, tshark, or tcpdump.

Purpose

This article provides examples of commands for packet capture in Windows (using tshark) and Linux (using tcpdump). This can be useful when testing connectivity and specific ports outside of Veeam software components, which is necessary to isolate network connectivity or throughput issues as part of other troubleshooting.

Note: tshark is a component of Wireshark and installed using the same installer.

Solution

Limitations and Considerations

  • The tshark examples below are formatted for the PowerShell console and may fail if used in a Command Prompt.
  • The use case examples filter based on IP address. You'll need to update them with the correct source and destination IP addresses for the traffic you are attempting to capture.
  • If a machine has more than one NIC with an IP address, you'll need to update the examples using the IP associated with the NIC that handles the traffic you are attempting to capture.
  • Some of the use case examples have a placeholder for the port (XXXX). Review the Ports list to identify the correct port for the traffic you are attempting to capture.
  • The packet captures require that you specify an interface name or number. To check the interface identifiers:
    • For Windows:
      .\tshark.exe -D
      
    • For Linux:
      ip a
      

Communication Issues Between Data Movers

  • Windows source (VMware Proxy, Agent machine, Plugin machine):
    .\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w 'C:\TShark\Source.pcap' -f 'portrange 2500-3300 and host <Target-IP>'
  • Linux source (VMware Proxy, Agent machine, Plugin machine):
    tcpdump -i <Interface-ID> -s 80 -C 500 -W 20 -w /tmp/tcpdump/Source.pcap portrange 2500-3300 and host <Target-IP>
  • Windows target (Repository, Gateway):
    .\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w 'C:\TShark\Target.pcap' -f 'portrange 2500-3300 and host <Source-IP>'
  • Linux target (Repository, Gateway):
    tcpdump -i <Interface-ID> -s 80 -C 500 -W 20 -w /tmp/tcpdump/Target.pcap portrange 2500-3300 and host <Source-IP>
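
A pre-flight check for the Linux data-mover capture above, as an added example that is not part of the original article or Veeam's tooling: with -C 500 -W 20 the ring buffer can grow to 10,000,000,000 bytes, so the script checks the output directory and free space and validates the peer IP before printing the command for review. The function names, the interface eth0 and the address 192.0.2.10 are assumptions used for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Linux data-mover capture command.

# Worst-case disk use of "-C <size> -W <count>"; tcpdump's -C unit is 1,000,000 bytes.
ring_bytes() { echo $(( $1 * 1000000 * $2 )); }

# Free bytes on the filesystem holding directory $1.
free_bytes() {
  kb=$(df -Pk "$1" | awk 'NR==2 {print $4}')
  echo $(( kb * 1024 ))
}

# Accept only dotted-quad IPv4, each octet 0-255, so nothing else reaches the filter.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Return 2 if the output directory is missing/unwritable, 3 if the ring will not fit.
preflight() {  # preflight <out-dir> <C-value> <W-value>
  [ -d "$1" ] && [ -w "$1" ] || { echo "missing or unwritable: $1" >&2; return 2; }
  need=$(ring_bytes "$2" "$3"); have=$(free_bytes "$1")
  [ "$have" -ge "$need" ] || { echo "need $need bytes, $have free in $1" >&2; return 3; }
}

# Print the capture command with the BPF filter quoted as a single argument.
capture_cmd() {  # capture_cmd <interface> <peer-ip> <out-file>
  case $1 in ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $1" >&2; return 1 ;; esac
  valid_ipv4 "$2" || { echo "bad peer IP: $2" >&2; return 1; }
  printf "tcpdump -i %s -s 80 -C 500 -W 20 -w %s 'portrange 2500-3300 and host %s'\n" \
    "$1" "$3" "$2"
}

# Constructed sample values: eth0 and 192.0.2.10 are placeholders.
preflight /tmp/tcpdump 500 20 || echo "fix the output directory before capturing"
capture_cmd eth0 192.0.2.10 /tmp/tcpdump/Source.pcap
```
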

Communication Issue Between A Server (Managed server, Agent server, Oracle server) and the Veeam Backup Server

  • Veeam Backup Server
    .\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w 'C:\TShark\VBR.pcap' -f 'port XXXX and host <Remote-Machine-IP>'
  • Remote Windows Machine
    .\tshark.exe -i <Interface-ID> -s 80 -b filesize:500000 -b files:20 -w "C:\TShark\Server.pcap" -f 'port XXXX and host <VBR-IP>'
  • Remote Linux Machine
    tcpdump -i <Interface-ID> -s 80 -C 500 -W 20 -w /tmp/tcpdump/Server.pcap port XXXX and host <VBR-IP>

More Information

Usage Tips

  • When capturing data on a specific port, you can test if that port is accepting incoming traffic and that the capture is capturing that traffic by using the techniques documented in KB4444: How to Test Port Connectivity.
  • It is possible to capture packets on multiple interfaces; review the manual for the tool you are using for more information.