This script was developed for a client to capture tcpdump statistics from a Linux network interface. The primary objective was to validate whether a specific interface, part of an MPLS circuit, was receiving packets in a timely and consistent manner.

The interface was a key part of an IPSLA pair, positioned on the far end of the MPLS circuit. Our goal was to ensure that traffic from the intended source was reaching this device through the correct circuit.

To achieve this, we decided to run tcpdump on the Linux system, extract the packets received, and validate the circuit's functionality based on this data. Since the interface was expected to continuously receive traffic, the script was configured to:
- Capture traffic for 10 seconds
- Run every 60 seconds in a continuous loop
- Put the component into a warning or critical state if the number of packets received was below a threshold

This setup provided near real-time monitoring, allowing us to determine within a one-minute window if the circuit was up or down.

SolarWinds SAM TCPDump Monitor Script Documentation
Overview
This script serves as a component monitor for SolarWinds Server & Application Monitor (SAM) to collect and report network traffic statistics using tcpdump. It allows system administrators to monitor packet capture statistics on specific network interfaces with customizable filters, providing valuable insights into network traffic patterns, potential packet loss, and overall network health.
Features
- Monitors packet statistics on any network interface
- Configurable capture duration
- Supports custom tcpdump filters for targeted monitoring
- Comprehensive logging for troubleshooting
- Returns statistics in SolarWinds SAM compatible format
- Handles errors gracefully with appropriate exit codes
- Cleans up temporary files automatically
Requirements
- Linux/Unix-based system
- tcpdump utility installed
- Appropriate permissions to run tcpdump (typically requires sudo)
- SolarWinds SAM with Custom Script Monitor capability
Usage
Basic Command Syntax
echo "${PASSWORD}" | sudo -S sh ${SCRIPT} <interface> <duration> [filter]
Parameters
- interface: The network interface to monitor (e.g., eth0, ens32)
- duration: How long to run the capture, in seconds (e.g., 5, 30)
- filter: (Optional) A tcpdump filter expression to narrow down captured packets
Examples
Monitor all traffic on interface ens32 for 5 seconds:
bash script.sh ens32 5
Monitor only HTTP traffic (port 80) for 10 seconds:
bash script.sh ens32 10 "port 80"
Monitor traffic to/from a specific IP address:
bash script.sh ens32 5 "host 192.168.1.100"
Monitor HTTPS traffic (port 443) to/from a specific IP:
bash script.sh ens32 5 "host 192.168.1.100 and port 443"
SolarWinds SAM Integration
To add this as a component monitor in SolarWinds SAM:
- Create a new "Component Monitor" in SolarWinds SAM
- Select "Linux/Unix Script Monitor" as the monitor type
- In the "Script Arguments" field, enter:
echo "${PASSWORD}" | sudo -S sh ${SCRIPT} <interface> <duration> [filter]
- Replace <interface>, <duration>, and optionally [filter] with your desired values
- Set thresholds for alerts based on packet statistics (particularly "Dropped" packets)
Output Statistics
The script provides the following metrics to SolarWinds SAM:
- Captured: Number of packets captured by tcpdump
- Received: Number of packets received by the filter
- Dropped: Number of packets dropped by the kernel (indicates potential performance issues)
Each metric includes both a numeric value (Statistic.*) and a descriptive message (Message.*) for display in the SolarWinds SAM interface.
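As an added example (not the original script, which is not reproduced on this page), the following shell functions parse the three counters from tcpdump's end-of-capture summary and print them as Statistic.*/Message.* pairs. The function names, the sample summary text and the exit-code handling are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: convert tcpdump's end-of-capture summary into SAM output lines.
# SAMPLE_SUMMARY is constructed sample data; in a live monitor the text would be
# tcpdump's stderr collected at the end of a timed capture.
SAMPLE_SUMMARY='tcpdump: listening on ens32, link-type EN10MB (Ethernet), snapshot length 262144 bytes
1482 packets captured
1490 packets received by filter
3 packets dropped by kernel'

# Print the integer from the first line that reads "<N> <phrase>" exactly.
# $1 = summary text, $2 = phrase such as "packets captured"
extract_count() {
    printf '%s\n' "$1" | sed -n "s/^\([0-9][0-9]*\) $2\$/\1/p" | head -n 1
}

# Emit one Statistic/Message pair per counter.
# Returns 1 when a counter is missing (for example, tcpdump failed to start),
# so the monitor does not report a silent zero as a healthy reading.
emit_sam_stats() {
    summary=$1
    captured=$(extract_count "$summary" "packets captured")
    received=$(extract_count "$summary" "packets received by filter")
    dropped=$(extract_count "$summary" "packets dropped by kernel")

    if [ -z "$captured" ] || [ -z "$received" ] || [ -z "$dropped" ]; then
        echo "Message.Captured: unable to parse tcpdump summary"
        return 1   # SAM script monitors treat exit code 0 as Up and 1 as Down
    fi

    echo "Statistic.Captured: $captured"
    echo "Message.Captured: $captured packets captured by tcpdump"
    echo "Statistic.Received: $received"
    echo "Message.Received: $received packets received by filter"
    echo "Statistic.Dropped: $dropped"
    echo "Message.Dropped: $dropped packets dropped by kernel"
    return 0
}

# Demonstration run on the constructed sample above.
emit_sam_stats "$SAMPLE_SUMMARY"
```

Matching each summary line in full, rather than taking the first number on a line, keeps the interface name or snapshot length in the "listening on" banner from being read as a counter.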
Logging
The script maintains detailed logs at /var/log/tcpdump_sam.log, which include:
- Script execution start and end times
- Parameter values used
- Results of packet captures
- Any errors encountered
These logs can be invaluable for troubleshooting issues with the monitor.
Error Handling
The script includes comprehensive error handling for common issues:
- Missing required arguments
- Missing tcpdump utility
- Failed tcpdump execution
In each case, appropriate error messages are logged and returned to SolarWinds SAM.
