How to record a packet trace on Citrix ADC 编辑

This troubleshooting article explains how an administrator can record a network packet trace using the Citrix ADC GUI.

Points to remember

  • Citrix recommends you to use the recent Wireshark version from the “automated build section” available in the following webpage: http://www.wireshark.org/download/automated.

  • In Citrix ADC version 11.1 or later, to decrypt the capture and ensure ECC (Elliptic Curve Cryptography), Session Reuse and DH parameters are disabled from the virtual server. You must do before you capture a trace.

Record packet trace on NetScaler version 11.1

  1. Navigate to System > Diagnostics page.
  2. click the Start new trace link in the Diagnostic page, as shown in the following screenshot.

    Accessing Diagnostic page

  3. Update the packet size to 0 in the Packet size field.

    Packet size

  4. Click Start to start recording the network packet trace.
  5. Click Stop and Download to stop recording the network packet trace after the test is complete.

    Stop and Download trace

  6. Select the required file and click Select and click Download.

    Download packet trace

  7. Open the network packet trace file with the Wireshark utility to display the content of the file.

    Note: Select Decrypted SSL packets (SSLPLAIN) to decrypt the packet trace without the private key.

    Decrypted SSL packets

Capture SSL master keys

In the 11.0, 11.1 version and above there is an option to capture the session keys which is valid for only for that particular session/nstrace and this option can be used if you do not want to share the private key or use SSLPLAIN mode. For more information, see https://support.citrix.com/article/CTX135889.

Export Session Keys without sharing Private key

In most of the scenarios the private key is not available or shared. In such scenarios we can suggest exporting the SSL session keys instead of the private key. Read, [How to Export and Use SSL Session Keys to Decrypt SSL Traces Without Sharing the SSL Private Key, see https://support.citrix.com/article/CTX135889.

Filters

Also, it is always recommended to add IP based filters while taking traces. The process ensures that you capture only interested traffic which eases your troubleshooting. Adding filters also decreases the load on the appliance while taking traces.

Filter section

Simple IP-based filters are enough to get the right captures. For more information about nstrace filters and examples, see Citrix Documentation page.

Use case to capture a packet trace with virtual server IP filter (both front-end and back end)

Using a filter of the virtual server IP address and enabling the option “–link” in CLI or selecting the option “Trace filtered connection peer traffic” in GUI (available 10.1 and above), you can capture both the front-end and back-end traffic for the IP address.

start nstrace -size 0 -filter "CONNECTION.IP.EQ(1.1.1.1)" -link ENABLED

show nstrace
        State:  RUNNING          Scope:  LOCAL            TraceLocation:  "/var/nstrace/24Mar2017_16_00_19/..." Nf:  24  Time:  3600              Size:  0 Mode:  TXB NEW_RX
        Traceformat:  NSCAP      PerNIC:  DISABLED        FileName:  24Mar2017_16_00_19 Filter:  "CONNECTION.IP.EQ(1.1.1.1)" Link:  ENABLED           Merge:  ONSTOP           Doruntimecleanup:  ENABLED
        TraceBuffers:  5000      SkipRPC:  DISABLED       Capsslkeys:  DISABLED    InMemoryTrace:  DISABLED
<!--NeedCopy-->

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:29 次

字数:5575

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文