I'm trying to figure out what packets a linux host sends at boot in order to debug it.
Is there a way to start packet capture during boot time to not miss any packets?
What is your way of going about it?
I have found a red hat guide but it's behind a pay wall. In any case there must be a way.
Asked
Active
Viewed 33 times
0
lolz
- 11
- 1
-
1Connect the Linux host in question to a network hub (if you can find one). Then connect another Linux host to the same network hub. Start a packet capture on the second Linux host and boot up the first Linux host. – joeqwerty Jul 27 '22 at 03:13
-
Or a variation of that idea: find or make a Linux box with two NICs. Enslave them both into the same bridge. Connect it into "cable split" between that server in question and the device it is normally connected. Then capture on the physical interface that goes to the server in question. – Nikita Kipriyanov Jul 27 '22 at 03:42
-
If you were referring to Redhat article #5495601, that deals with starting tcpdump via init.d and as a systemctl service. That may be helpful for troubleshooting system services as they start up. But if you're looking for packets during the actual Linux boot (PXE, tftp, etc.) your best bet is one of the recommendations above. – Brandon Xavier Jul 27 '22 at 10:02
-
Thank you guys. The title of the article is apparently a clickbait XD. Ok, I'll do it the regular way like you have suggested. – lolz Jul 28 '22 at 10:01