The -file-size option changes the trace file size from its default (1024 MB). The -rolling-traces option specifies the number of trace files to keep when using rolling packet traces. If -rolling-traces is not used, a rolling trace with 2 files will be used.
Ensure that the node's root volume vol0 has enough space if you need to collect large trace files; you can use the df -h command to check it. Be aware that by default the trace files will be added to snapshot copies and that vol0 (root volume) may fill up very quickly, causing an outage.
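A pre-flight check for the space warning above, as an added example that is not part of the original article or NetApp's tooling. It compares the worst-case rolling trace footprint (-file-size times -rolling-traces) with the free space reported for vol0; the df -h column layout, the sample output and the reserve_pct headroom are assumptions.

```python
import re

# Constructed sample of `df -h` output for the root volume (layout is an assumption).
SAMPLE_DF = """\
Filesystem               total       used      avail capacity  Mounted on
/vol/vol0/              7600MB     4100MB     3500MB      54%  /vol/vol0/
/vol/vol0/.snapshot      400MB      390MB       10MB      98%  /vol/vol0/.snapshot
"""

_UNIT_MB = {"KB": 1 / 1024, "MB": 1, "GB": 1024, "TB": 1024 * 1024}


def to_mb(size):
    """Convert a size such as '3500MB' or '42GB' to megabytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(KB|MB|GB|TB)", size)
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    return float(m.group(1)) * _UNIT_MB[m.group(2)]


def avail_mb(df_output, filesystem="/vol/vol0/"):
    """Return the 'avail' column, in MB, for the given filesystem row."""
    for line in df_output.splitlines():
        cols = line.split()
        if cols and cols[0] == filesystem:
            return to_mb(cols[3])
    raise LookupError(f"{filesystem} not found in df output")


def check_trace_plan(df_output, file_size_mb=1024, rolling_traces=2, reserve_pct=20):
    """Compare the worst-case trace footprint with free space on vol0.

    Defaults mirror the article: 1024 MB per file, 2 rolling files.
    reserve_pct (an assumption) is free space to leave untouched.
    """
    avail = avail_mb(df_output)
    needed = file_size_mb * rolling_traces           # all rolling files full
    usable = avail * (100 - reserve_pct) / 100       # keep headroom on vol0
    return {"needed_mb": needed, "usable_mb": usable, "fits": needed <= usable}


if __name__ == "__main__":
    print(check_trace_plan(SAMPLE_DF))               # default plan
    print(check_trace_plan(SAMPLE_DF, 1024, 4))      # too large for this vol0
```

The check bounds only the live trace files; while trace files are still being added to snapshot copies, rotated-out files held in snapshots consume space on top of this figure.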
In fact, in “monitor” mode the Wi-Fi interface can capture packets without even being connected to any access point (router); it is a free agent, sniffing and snooping at all the data in the air! In this free video from our Troubleshooting ACLs with Wireshark training, Instructor Ross Bagurdes demonstrates how to capture packets in the Wireshark Network Analyzer.
To prevent trace files from being included in snapshots, perform the steps below.

1. ::> vol options vol0
   (automatic Snapshot copies are disabled)
   You may consider deleting old snapshots for vol0 based on your space requirements.
2. ::> snap list vol0
3. ::> snap delete vol0

Rolling trace example:

    ::> network tcpdump start -node -port e0a -buffer-size 4096 -file-size 512 -rolling-traces 4 -address 10.1.1.2 -protocol-port 445

This trace rolls up to 4 trace files of size 512 MB each (oldest file removed first). It uses a 4MB memory buffer, and traces on port e0a filtering for IP address 10.1.1.2 and TCP/UDP port 445.

To stop a packet trace:

    ::> tcpdump stop -node -port
To show packet trace files:

    ::> network tcpdump trace show

Packet traces are stored in the following path: /mroot/etc/log/packettraces

To retrieve packet traces, see: How to manually collect logs and copy files from a clustered Data ONTAP storage system

To delete old packet traces:

    ::> network tcpdump trace delete? -node Node Name -trace-file Trace File

For information on taking packet traces prior to, see PKTT KB article: How to capture packet traces (PKTT) on Data ONTAP 8 Cluster-Mode systems.