Packet Captures

A packet capture is a snapshot of live network traffic. Use packet captures for in-depth network diagnostics and troubleshooting. When you discover a network issue that affects your applications, you can capture traffic using Network Visibility Agents and send the resulting data to your network or Ops team for further analysis.

Network Agents save packet captures as pcap files. A wide variety of network analysis tools support pcap:Wireshark, tcpdump, Windump, and so on. Packet captures are supported on Linux platforms only.

Restrict packet capture privileges to authorized users only

Packet capture files include "raw" application data that might contain sensitive information. Any user with Account Owner or Administrator privileges can perform packet captures. For this reason, these roles should be assigned to authorized users only. See Roles and Permissions.

Before You Begin

Note: You must perform this setup on each host before you can capture packets on that host.
  1. In the Controller, click the gear icon in the top right ( ) and select AppDynamics Agents > Network Visibility Agents.
  2. Right-click the Agent to set up and select View Packet Capture Configuration.
  3. Set the capture settings:
    • Duration (sec)– Make it long enough to capture at least one Business Transaction over the link that you want to troubleshoot
    • Size– The maximum size for any single capture file
    • Packet Capture Filename Prefix– You must specify a prefix. It is good practice to include the hostname or another string that clearly identifies the node. The resulting pcap filename includes the prefix, the IP address, the interfaces captured, and the timestamp. For example, if you specify a prefix of DataCenterNYC-- , the resulting pcap will have filename: DataCenterNYC--ip-10-0-21-101_any_1_2017_09_28_17_58_03.pcap
  4. Set the storage settings:
    • Path– If remote storage is disabled, the Agent stores capture files in this folder on the Agent host
      • The specified folder must exist on the Agent host. The default path is /opt/appdynamics/netviz/pcap .
      • The <network-agent-user> account (the one used to install and run the Network Agent) should have read and write permissions to this folder
    • Maximum Allotted Space– Maximum storage allotted for all capture files. This setting applies to both the Agent host and the remote server. As new capture files are created, the Agent deletes older files to free up space.
  5. Set the storage settings (SCP server):
    • Remote Storage (upload to SCP Server)– With this option enabled, the Agent uploads the capture file to the specified server when the packet-capture operation ends
    • Host/Port/Username/Password/Path
      • The local path must be defined on the remote server
      • The specified user account must have write permissions on the specified path

Best Practices for Packet Captures

Packet Capture files can get very large, very quickly. When a capture job is in progress, the Network Agent captures all bytes in all packets on all network interfaces that it monitors. The size of the capture file depends on the capture duration, and the rate of packets sent and received on the network interfaces of the node. The duration should be long enough to capture a few Business Transaction calls between the two nodes, but no longer.

If you want to retain any capture file for archiving or extended analysis, copy the file from the storage folder as soon as the capture completes. This ensures that it does not get overwritten by newer files.

Packet capture operations generate a number of Network Visibility Events that you can use for monitoring and troubleshooting.

Create a Packet Capture

Determine the Nodes to Capture

  • Go to the Network Dashboard, set the reporting duration to the last five minutes, and verify that the network issue you need to troubleshoot is currently active.
  • Note the node(s) where you need to capture packets.
    • To troubleshoot a node, capture on the node (A).
    • To troubleshoot a link, capture on the two connecting nodes on each side of the link (B).
    • If the link is bisected by a load balancer, capture on both sides of the load balancer (C).

Start the Packet CaptureDetermine the Nodes to Capture

When you start a capture, the Agent captures all packets sent and received by all network interfaces on the Agent host. When the Agent stops capturing (as specified by the Duration (sec)capture setting), it saves the pcap file in the folder specified by Storage settings).

There are two capture methods: From the Agents Page and From the Node Dashboard

From the Agents Page

Use this method to capture on one or more nodes:

  1. In the Controller, click the gear icon in the top right () and select AppDynamics Agents>Network Visibility Agents.
  2. Select the Agents on the nodes where you want to capture. Use Ctrl-click or Shift-click to select multiple Agents.
  3. Right-click a selected Agent and select Start Packet Capture.

From the Node Dashboard

Use this method to capture on a single node:

  1. Drill down to the node in the Network Browser:
    1. Go to Tiers & Nodes, right-click the node, and select View.
    2. When the Node view appears, go to the Network Browser.
  2. Right-click the node and select Start Packet Capture.