How to record a packet trace on Citrix ADC
This troubleshooting article explains how an administrator can record a network packet trace using the Citrix ADC GUI.
Points to remember
Citrix recommends that you use the recent Wireshark version from the “automated build section” available on the following webpage: http://www.wireshark.org/download/automated.
In Citrix ADC version 11.1 or later, to be able to decrypt the capture, ensure that ECC (Elliptic Curve Cryptography), Session Reuse, and DH parameters are disabled on the virtual server. You must do this before you capture a trace.
Record packet trace on NetScaler version 11.1
- Navigate to the System > Diagnostics page.
- Click the Start new trace link on the Diagnostics page.
- Update the packet size to 0 in the Packet size field.
- Click Start to start recording the network packet trace.
- Click Stop and Download to stop recording the network packet trace after the test is complete.
- Select the required file, click Select, and then click Download.
- Open the network packet trace file with the Wireshark utility to display the content of the file.
Note: Select Decrypted SSL packets (SSLPLAIN) to decrypt the packet trace without the private key.
Capture SSL master keys
In versions 11.0, 11.1, and later, there is an option to capture the session keys, which are valid only for that particular session/nstrace. Use this option if you do not want to share the private key or use SSLPLAIN mode. For more information, see https://support.citrix.com/article/CTX135889.
Export Session Keys without sharing Private key
In most scenarios, the private key is not available or shared. In such scenarios, we suggest exporting the SSL session keys instead of the private key. For details, read How to Export and Use SSL Session Keys to Decrypt SSL Traces Without Sharing the SSL Private Key at https://support.citrix.com/article/CTX135889.
Filters
It is always recommended to add IP-based filters while taking traces. Filtering ensures that you capture only the traffic of interest, which eases troubleshooting. Adding filters also decreases the load on the appliance while taking traces.
Simple IP-based filters are enough to get the right captures. For more information about nstrace filters and examples, see the Citrix Documentation page.
Use case to capture a packet trace with virtual server IP filter (both front-end and back-end)
By using a filter on the virtual server IP address and enabling the option “-link” in the CLI, or selecting the option “Trace filtered connection peer traffic” in the GUI (available in 10.1 and later), you can capture both the front-end and back-end traffic for the IP address.
start nstrace -size 0 -filter "CONNECTION.IP.EQ(1.1.1.1)" -link ENABLED
show nstrace
State: RUNNING Scope: LOCAL TraceLocation: "/var/nstrace/24Mar2017_16_00_19/..." Nf: 24 Time: 3600 Size: 0 Mode: TXB NEW_RX
Traceformat: NSCAP PerNIC: DISABLED FileName: 24Mar2017_16_00_19 Filter: "CONNECTION.IP.EQ(1.1.1.1)" Link: ENABLED Merge: ONSTOP Doruntimecleanup: ENABLED
TraceBuffers: 5000 SkipRPC: DISABLED Capsslkeys: DISABLED InMemoryTrace: DISABLED
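The following is an added example, not Citrix code: a small Python check that parses the `show nstrace` output above and compares the running trace with the guidance on this page (packet size 0, an IP filter, link enabled, and a way to decrypt without the private key). The function names are hypothetical, and the handling of a missing Filter field is an assumption about how an unfiltered trace is reported.

```python
import re

# "Key: value" pairs as printed by `show nstrace`; a value may be quoted
# or consist of several words (for example "Mode: TXB NEW_RX").
PAIR = re.compile(r'(\w+):\s+("[^"]*"|\S.*?)(?=\s+\w+:\s|\s*$)')

# Output copied from the capture shown on this page.
SAMPLE = '''State: RUNNING Scope: LOCAL TraceLocation: "/var/nstrace/24Mar2017_16_00_19/..." Nf: 24 Time: 3600 Size: 0 Mode: TXB NEW_RX
Traceformat: NSCAP PerNIC: DISABLED FileName: 24Mar2017_16_00_19 Filter: "CONNECTION.IP.EQ(1.1.1.1)" Link: ENABLED Merge: ONSTOP Doruntimecleanup: ENABLED
TraceBuffers: 5000 SkipRPC: DISABLED Capsslkeys: DISABLED InMemoryTrace: DISABLED'''


def parse_show_nstrace(text):
    """Return the settings as a dict, with surrounding quotes removed."""
    flat = " ".join(text.split())  # the fields wrap across several lines
    return {key: value.strip('"') for key, value in PAIR.findall(flat)}


def review_trace(settings):
    """List the points where the trace departs from this page's guidance."""
    findings = []
    if settings.get("State") != "RUNNING":
        findings.append("trace is not running")
    if settings.get("Size") != "0":
        findings.append("packet size is not 0, so packets are truncated")
    # Assumption: with no filter configured, Filter is absent or empty.
    if not settings.get("Filter"):
        findings.append("no filter set, so all traffic is captured")
    elif settings.get("Link") != "ENABLED":
        findings.append("link is not enabled, so peer traffic is missing")
    modes = settings.get("Mode", "").split()
    if settings.get("Capsslkeys") != "ENABLED" and "SSLPLAIN" not in modes:
        findings.append("no session keys and no SSLPLAIN mode: "
                        "decrypting this trace needs the private key")
    return findings


if __name__ == "__main__":
    for finding in review_trace(parse_show_nstrace(SAMPLE)):
        print("CHECK:", finding)
```

Run against the output above, the check reports that this trace was started without session key capture or SSLPLAIN mode, so its SSL traffic can be decrypted only with the private key.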