Jump to content
Welcome to our new Citrix community!

Using nstrace to capture client to server traffic


Roy Smith

Recommended Posts

Hi

 

I am trying to use nstrace and nstcpdump to capture traffic flow between a client PC and backend servers. I have tried various options and filters, even just "start nstrace" but the resulting capture file does not show any packets for the client or server. If initiate connection to the client or server from the CLI, I then see the captures. But I want to see the full flow from client to LBVS to server and the return. 

 

This is not a particularly complicated thing, so I would expect nstrace would be perfect for this. Am I missing something?

 

Thanks
Roy

Link to comment
Share on other sites

Even without filters, you should catch something.  Which version of the firmware are you on in case there is a bug that an engineer knows about.

 

Use the GUI if having an issue with the expression, but essentially you want 

Adjust packet size to 0 (if you want entire packet)

Change nstrace output to PCAP (instead of default cap)

Configure an expression so that you can capture traffic related to this client:  connection.ip.src.eq(<IPaddress)

And then enable "trace filtered connection's peer traffic".  In cli this is option -link enabled.

 

You can use the GUI with the above settings or use help start nstrace to figure out your settings.

 

Then run user traffic from the source ip specified to the Vserver you are interested in.

Execute stop nstrace when done to output to file.

Default settings will result in a trace in /var/trace/<timestamp>/nstrace1.pcap or something like that on the PRIMARY ADC of an HA pair.

 

The expression plus the "filtered connection's peer traffic" option will get client to vip, snip to server, and the return.  IF THIS IS NOT the client ip the ADC see's during the request, then no capture...such as if the user is coming from a vpn or proxy of some sort.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...