パケットキャプチャ

パケットキャプチャは、ライブ ネットワーク トラフィックのスナップショットです。パケットキャプチャは、詳細なネットワーク診断およびトラブルシューティングに使用します。アプリケーションに影響するネットワークの問題を検出した場合は、ネットワークの可視性エージェントを使用してトラフィックをキャプチャし、結果のデータをネットワークチームまたは運用チームに送信して、さらなる分析を行うことができます。

https://en.wikipedia.org/wiki/Pcapネットワークエージェントは、パケットキャプチャを pcap ファイルとして保存します。WiresharktcpdumpWindump など、多種多様なネットワーク分析ツールが pcap をサポートしています。パケットキャプチャは Linux プラットフォームでのみサポートされています。

許可されたユーザのみにパケットキャプチャの権限を制限する

パケットキャプチャファイルには、機密情報が含まれている可能性がある「raw」アプリケーションデータが含まれます。アカウント所有者権限または管理者権限があるすべてのユーザがパケットキャプチャを実行できます。このため、これらのロールは許可されたユーザのみに割り当てる必要があります。「ロールと権限」を参照してください。

Before You Begin

注: You must perform this setup on each host before you can capture packets on that host.
  1. In the Controller, click the gear icon in the top right ( ) and select AppDynamics Agents > Network Visibility Agents.
  2. Right-click the Agent to set up and select View Packet Capture Configuration.
  3. Set the capture settings:
    • Duration (sec)– Make it long enough to capture at least one Business Transaction over the link that you want to troubleshoot
    • Size– The maximum size for any single capture file
    • Packet Capture Filename Prefix– You must specify a prefix. It is good practice to include the hostname or another string that clearly identifies the node. The resulting pcap filename includes the prefix, the IP address, the interfaces captured, and the timestamp. For example, if you specify a prefix of DataCenterNYC-- , the resulting pcap will have filename: DataCenterNYC--ip-10-0-21-101_any_1_2017_09_28_17_58_03.pcap
  4. Set the storage settings:
    • Path– If remote storage is disabled, the Agent stores capture files in this folder on the Agent host
      • The specified folder must exist on the Agent host. The default path is /opt/appdynamics/netviz/pcap .
      • The <network-agent-user> account (the one used to install and run the Network Agent) should have read and write permissions to this folder
    • Maximum Allotted Space– Maximum storage allotted for all capture files. This setting applies to both the Agent host and the remote server. As new capture files are created, the Agent deletes older files to free up space.
  5. Set the storage settings (SCP server):
    • Remote Storage (upload to SCP Server)– With this option enabled, the Agent uploads the capture file to the specified server when the packet-capture operation ends
    • Host/Port/Username/Password/Path
      • The local path must be defined on the remote server
      • The specified user account must have write permissions on the specified path

Best Practices for Packet Captures

Packet Capture files can get very large, very quickly. When a capture job is in progress, the Network Agent captures all bytes in all packets on all network interfaces that it monitors. The size of the capture file depends on the capture duration, and the rate of packets sent and received on the network interfaces of the node. The duration should be long enough to capture a few Business Transaction calls between the two nodes, but no longer.

If you want to retain any capture file for archiving or extended analysis, copy the file from the storage folder as soon as the capture completes. This ensures that it does not get overwritten by newer files.

Packet capture operations generate a number of Network Visibility Events that you can use for monitoring and troubleshooting.

Create a Packet Capture

Determine the Nodes to Capture

  • Go to the Network Dashboard, set the reporting duration to the last five minutes, and verify that the network issue you need to troubleshoot is currently active.
  • Note the node(s) where you need to capture packets.
    • To troubleshoot a node, capture on the node (A).
    • To troubleshoot a link, capture on the two connecting nodes on each side of the link (B).
    • If the link is bisected by a load balancer, capture on both sides of the load balancer (C).

Start the Packet CaptureDetermine the Nodes to Capture

When you start a capture, the Agent captures all packets sent and received by all network interfaces on the Agent host. When the Agent stops capturing (as specified by the Duration (sec)capture setting), it saves the pcap file in the folder specified by Storage settings).

There are two capture methods: From the Agents Page and From the Node Dashboard

From the Agents Page

Use this method to capture on one or more nodes:

  1. In the Controller, click the gear icon in the top right () and select AppDynamics Agents>Network Visibility Agents.
  2. Select the Agents on the nodes where you want to capture. Use Ctrl-click or Shift-click to select multiple Agents.
  3. Right-click a selected Agent and select Start Packet Capture.

From the Node Dashboard

Use this method to capture on a single node:

  1. Drill down to the node in the Network Browser:
    1. Go to Tiers & Nodes, right-click the node, and select View.
    2. When the Node view appears, go to the Network Browser.
  2. Right-click the node and select Start Packet Capture.