
A packet capture is a snapshot of live network traffic. Packet captures are very useful for in-depth network diagnostics and troubleshooting. When you discover a network issue that affects your applications, you can capture traffic using the Network Visibility agents and send the resulting data to your network or ops team for further analysis.  

Network agents save packet captures as pcap files. A wide variety of network analysis tools support pcap: Wireshark, tcpdump, Windump, and many others.  

Packet captures are supported on Linux platforms only.  

Restrict packet capture privileges to authorized users only

Packet capture files include "raw" application data that might contain sensitive information. Any user with Account Owner or Administrator privileges can perform packet captures. For this reason, these roles should be assigned to authorized users only. See Roles and Permissions.

Before Starting

You must do the following setup on each host before you can capture packets on that host.

Do the following:

  • In the Controller, click the gear icon in the top right and choose AppDynamics Agents > Network Visibility Agents.
  • Right-click on the agent to set up and choose View Packet Capture Configuration.
  • Set the capture properties as follows.

Capture Settings

  • Duration (sec) – This should be long enough to capture at least one Business Transaction over the link that you want to troubleshoot.
  • Size – The maximum size for any single capture file.
  • Packet Capture Filename Prefix – You must specify a prefix. It is good practice to include the hostname or another string that clearly identifies the node. The resulting pcap filename includes the prefix, the IP, the interfaces captured, and the timestamp.
    If you specify a prefix of DataCenterNYC--, for example, the resulting pcap will have a filename such as:

    DataCenterNYC--ip-10-0-21-101_any_1_2017_09_28_17_58_03.pcap

Storage Settings

  • Path – If remote storage is disabled, the agent stores capture files in this folder on the agent host.
    • The specified folder must exist on the agent host. The default path is /opt/appdynamics/netviz/pcap.
    • The <network-agent-user> account (the one used to install and run the Network Agent) should have read and write permissions to this folder. 
  • Maximum Allotted Space – Maximum storage allotted for all capture files. This setting applies to both the agent host and the remote server. As new capture files are created, the agent deletes older files to free up space.

Storage Settings (SCP Server)

  • Remote Storage (upload to SCP Server) –  With this option enabled, the agent uploads the capture file to the specified server when the packet-capture operation ends.
  • Host/Port/Username/Password/Path 
    • The local path must be defined on the remote server.
    • The specified user account must have write permissions on the specified path. 

Best Practices for Packet Captures

Packet Capture files can get very large very quickly. When a capture job is in progress, the network agent captures all bytes in all packets on all network interfaces that it monitors. The size of the capture file depends on the capture duration and the rate of packets sent and received on the network interfaces of the node. The duration should be long enough to capture a few Business Transaction calls between the two nodes, but no longer. 

If you want to retain any capture file for archiving or extended analysis, copy the file from the storage folder as soon as the capture ends. This ensures that it does not get overwritten by newer files.
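One way to follow this practice on the agent host, as an added example that is not part of the AppDynamics documentation or product: the script copies finished pcap files out of the storage folder before the agent's space limit deletes them, keeps the copies owner-only because captures hold raw application data, and records a SHA-256 digest per file. The archive path and the SHA256SUMS manifest name are assumptions.

```shell
#!/bin/sh
# Added example, not AppDynamics code. The source folder is whatever you set
# as the Storage "Path"; the archive folder and manifest name are assumptions.

# Succeeds only if DIR exists and group/other have no access to it.
pcap_dir_is_private() {
    [ -d "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Copy every *.pcap in SRC that is not yet in DST; print how many were copied.
# The body is a subshell so the umask change does not leak to the caller.
archive_pcaps() (
    src=$1 dst=$2 copied=0
    umask 077
    mkdir -p "$dst" && chmod 700 "$dst" || exit 1
    for f in "$src"/*.pcap; do
        [ -f "$f" ] || continue              # glob matched nothing
        name=${f##*/}
        [ -e "$dst/$name" ] && continue      # already archived
        # Copy to a temporary name so a partial copy never looks complete.
        cp -p "$f" "$dst/.$name.part" || exit 1
        chmod 600 "$dst/.$name.part"
        mv "$dst/.$name.part" "$dst/$name"
        # Record a digest so the analyst can confirm the bytes received.
        ( cd "$dst" && sha256sum "$name" >> SHA256SUMS )
        copied=$((copied + 1))
    done
    echo "$copied"
)

# Usage: sh archive_pcaps.sh /opt/appdynamics/netviz/pcap /path/to/archive
if [ "$#" -eq 2 ]; then
    pcap_dir_is_private "$1" ||
        echo "warning: $1 is missing or accessible to group/other" >&2
    archive_pcaps "$1" "$2"
fi
```

Run it as the account that owns the storage folder, right after each capture ends; repeated runs skip files that are already archived.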

Packet capture operations generate a number of Network Visibility Events that you can use for monitoring and troubleshooting.

Creating a Packet Capture 

Do the following:

Determine the Nodes to Capture

Do the following:

  • Go to the Network Dashboard, set the reporting duration to the last 5 minutes, and verify that the network issue you need to troubleshoot is currently active.
  • Note the node(s) where you need to capture packets. 
    • To troubleshoot a node, capture on the node (A). 
    • To troubleshoot a link, capture on the two connecting nodes on each side of the link (B).
    • If the link is bisected by a load balancer, capture on both sides of the load balancer (C).



Start the Packet Capture

When you start a capture, the agent captures all packets sent and received by all network interfaces on the agent host. When the agent stops capturing (as specified by the Duration (sec) capture setting), it saves the pcap file in the folder specified by the Storage settings.

There are two ways to start a capture:

From the Agents Page

You can use this method to capture on one or more nodes:

  1. In the Controller, click the gear icon in the top right and choose AppDynamics Agents > Network Visibility Agents.
  2. Select the agents on the nodes where you want to capture. Use Ctrl-click or Shift-click to select multiple agents.
  3. Right-click on a selected agent and choose Start Packet Capture.

From the Node Dashboard

You can also use this method to capture on a single node:

  1. Drill down to the node in the Network Browser:
    1. Go to Tiers & Nodes, right-click on the node, and choose View.
    2. When the Node view appears, go to the Network Browser. 
  2. Right-click on the node and choose Start Packet Capture.