To capture Geneve packets using tcpdump, follow these steps:
- Open a terminal on your system.
- Type the following command to start capturing traffic on the interface that you want to monitor:
sudo tcpdump -i <interface>
Replace <interface> with the name of the network interface that you want to monitor.
- To filter for Geneve packets only, use the following command:
sudo tcpdump -i <interface> -s0 -vvv 'udp port 6081'
This will capture all UDP packets on port 6081 (the default port used for Geneve) and print verbose output (-vvv).
- You can also add additional filters to capture specific types of Geneve packets. For example, to capture only Geneve encapsulated IPv4 traffic, use the following command:
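sudo tcpdump -i <interface> -s0 -vvv 'udp port 6081 and udp[10:2] = 0x6558 and udp[28:2] = 0x0800'
This will capture only those UDP packets on port 6081 whose Geneve header carries the protocol type 0x6558 (an encapsulated Ethernet frame) and whose inner frame has the IPv4 EtherType 0x0800. The byte offsets are counted from the start of the outer UDP header, so the filter assumes an outer IPv4 packet and a Geneve header without options.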
- Once you have captured the desired traffic, press Ctrl + C in the terminal window to stop tcpdump from running.
Note: To use tcpdump effectively, you need root privileges on your system or membership in a group with sufficient capture permissions.
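When reviewing captured Geneve traffic, fixed byte offsets into the packet only line up if the Geneve header carries no options. The following Python parser is an added example, not part of the original page: it reads the header fields of a UDP payload captured on port 6081 and locates the inner EtherType from the Opt Len field. The function names (`parse_geneve`, `fixed_offset_is_ipv4`, `sample`) and the sample packets are constructed for illustration.

```python
import struct

ETH_BRIDGING = 0x6558    # Geneve protocol type: inner payload is an Ethernet frame
ETHERTYPE_IPV4 = 0x0800

def parse_geneve(payload: bytes) -> dict:
    """Parse the Geneve header (RFC 8926) at the start of a UDP payload."""
    if len(payload) < 8:
        raise ValueError("truncated Geneve header")
    ver_optlen, flags, proto, vni_rsvd = struct.unpack("!BBHI", payload[:8])
    if ver_optlen >> 6 != 0:
        raise ValueError("unsupported Geneve version")
    opt_bytes = (ver_optlen & 0x3F) * 4       # Opt Len counts 4-byte words
    inner = payload[8 + opt_bytes:]           # inner packet starts after the options
    inner_type = proto                        # payload type when not bridged Ethernet
    if proto == ETH_BRIDGING:
        if len(inner) < 14:
            raise ValueError("truncated inner Ethernet header")
        inner_type = struct.unpack("!H", inner[12:14])[0]
    return {"vni": vni_rsvd >> 8, "control": bool(flags & 0x80),
            "critical": bool(flags & 0x40), "opt_bytes": opt_bytes,
            "protocol": proto, "inner_type": inner_type}

def fixed_offset_is_ipv4(payload: bytes) -> bool:
    """Fixed-offset check, as a byte-comparison capture filter would do it."""
    return payload[2:4] == b"\x65\x58" and payload[20:22] == b"\x08\x00"

def sample(opt_words: int, vni: int = 5001) -> bytes:
    """Constructed packet: Geneve header, zeroed options, inner Ethernet/IPv4 stub."""
    hdr = struct.pack("!BBHI", opt_words & 0x3F, 0, ETH_BRIDGING, vni << 8)
    options = b"\x00" * (4 * opt_words)
    inner_eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return hdr + options + inner_eth + b"\x45" + b"\x00" * 19

if __name__ == "__main__":
    for words in (0, 2):
        pkt = sample(words)
        print(words, parse_geneve(pkt), "fixed-offset match:", fixed_offset_is_ipv4(pkt))
```

With two option words present, the fixed-offset check misses the packet while the parser still reports inner IPv4, which is why a byte-offset filter can silently under-capture on networks that use Geneve options.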