tcpdump is a utility for capturing data packets on Linux-based systems. Below are the tcpdump commands for the Citrix load balancer.

nstcpdump.sh is the utility we will use to run tcpdump on the Citrix NetScaler load balancer.

By default you land on the > prompt after logging in to the NetScaler, so you need to run the command below before you run tcpdump.

> shell

#

1.) View the traffic for specific IP

# nstcpdump.sh host <host-IP>

2.) View the traffic between two specific IPs

# nstcpdump.sh host <host-IP> and host <host-IP>


3.) View the traffic on specific port

# nstcpdump.sh port <Port-Number>

4.) Capture the tcpdump data to a Wireshark capture file

# nstcpdump.sh port <Port-Number> -w /var/tmp/test.pcap

5.) Capture the traffic on multiple interfaces to a Wireshark capture file

# nstcpdump.sh -w /var/tmp/test.pcap -i 1/1 -i 1/2

(Note: the -i keyword does not work directly without the Wireshark capture.)

6.) View the traffic for a specific destination IP and destination port

# nstcpdump.sh dst host <Host-IP> and dst port <Port> /// # nstcpdump.sh dst host <Host-IP> and port <Port>

7.) View the traffic for an entire subnet

# nstcpdump.sh net <Network-Address> mask <Subnet-Mask>

8.) View the traffic for a specific IP with a port range

# nstcpdump.sh host <Host-IP> and portrange <Startport-Endport>

# nstcpdump.sh host 1.1.1.1 and portrange 65530-65535

9.) Capture only a specified number of packets

# nstcpdump.sh -c 65000 host 1.1.1.1

10.) View the traffic destined for either one of the IPs

# nstcpdump.sh host 1.1.1.1 or host 2.2.2.2

11.) View the TCP/UDP traffic for a specific host

# nstcpdump.sh host 1.1.1.1 and tcp /// # nstcpdump.sh host 1.1.1.1 and udp

12.) View the ICMP/ARP traffic for a specific host

# nstcpdump.sh host 1.1.1.1 and arp /// # nstcpdump.sh host 1.1.1.1 and icmp
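
The script below is an added example, not part of the original article or of Citrix tooling. It combines items 4, 8 and 9 into one bounded capture and checks the host, port range, packet count and output path before anything reaches nstcpdump.sh. The function names are hypothetical, and the script only prints the command line rather than running it.

```shell
#!/bin/sh
# Added example: validate inputs, then compose an nstcpdump.sh command line.
# valid_ipv4, valid_portrange and build_capture_cmd are hypothetical helpers.

valid_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_portrange() {
    # START-END, both within 0-65535 and START <= END.
    case "$1" in
        *[!0-9-]*|-*|*-|*-*-*) return 1 ;;
        *-*) ;;
        *) return 1 ;;
    esac
    start=${1%-*}; end=${1#*-}
    [ "${#start}" -le 5 ] && [ "${#end}" -le 5 ] || return 1
    [ "$end" -le 65535 ] && [ "$start" -le "$end" ]
}

build_capture_cmd() {
    # Usage: build_capture_cmd HOST PORTRANGE COUNT OUTFILE
    # Prints the command line on stdout; nothing is executed.
    valid_ipv4 "$1"      || { echo "bad host: $1" >&2; return 1; }
    valid_portrange "$2" || { echo "bad portrange: $2" >&2; return 1; }
    case "$3" in
        ''|*[!0-9]*|0) echo "bad count: $3" >&2; return 1 ;;
    esac
    case "$4" in
        *..*|*[!A-Za-z0-9_./-]*) echo "bad outfile: $4" >&2; return 1 ;;
        /var/tmp/*.pcap) ;;
        *) echo "outfile must be /var/tmp/<name>.pcap: $4" >&2; return 1 ;;
    esac
    echo "nstcpdump.sh -c $3 -w $4 host $1 and portrange $2"
}

# Constructed sample values, reusing the addresses and path from the article.
build_capture_cmd 1.1.1.1 65530-65535 65000 /var/tmp/test.pcap
```

The packet count bounds how much the capture writes to /var/tmp, and the path check keeps the pcap where the article's examples place it.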

I hope this article helps you run tcpdump on the NetScaler LB while troubleshooting! Good luck!
