Nicholas Morrison - Networking Specialist

S2E2 - tcpdump


Topology: BGP-01

Connecting to the lab server

Connect to the lab server:

local$ ssh-keygen -R
local$ ssh [email protected]
Password: (see discord)

Connect to your router:

lab@netlab$ list-devices
lab@netlab$ connect DEVICE


  • understand network namespaces
  • understand tcpdump
  • understand wireshark

About Linux network namespaces

  • network namespaces (netns)
  • Linux feature since 2002 (linux kernel version 2.4)
  • groups and segregates network interfaces
  • used in container contexts, like containerlab!
  • ip netns list lists the existing network namespaces
    • use ip netns list | grep pod5 to filter for your pod
  • ip netns exec NAMESPACE [some_command] executes a command in that namespace
  • ip netns exec NAMESPACE ip -c link lists interfaces in a namespace
  • ip netns exec NAMESPACE ip -c address lists interfaces and their addresses in a namespace

About tcpdump

About wireshark

  • GUI packet analysis tool
  • very powerful filter system

Initial configuration

  • by default, r1 acts as a switch (all ports untagged in VLAN 1)
    • so no configuration is required for r1
  • configure pc1 with
  • configure pc2 with

Configure the PCs

Configure with:

ip address add dev eth1
ip route delete default

Check the config with:

ip address
ip route

Delete a mistake if you need to

ip address delete dev eth1

Open at least two terminals

You’ll need two terminals for the next bit.

Generate some packets

In one terminal, ping from pc1.

In the other terminal, don’t connect to a device, but stay “outside” in your shell.

Using tcpdump and netns

In your other terminal window, execute tcpdump from inside the pc1 network namespace.


ip netns exec clab-pod1-pc1 ip -c link
ip netns exec clab-pod1-pc1 tcpdump -i eth1

Produce some different packet types

Stop your ping on pc1 with ctrl-c and execute:


What kind of packets do you see in your tcpdump?

Capture some packets to disk

Capture 20 packets:

ip netns exec clab-podX-pc1 tcpdump -i eth1 -c 20 -w CLEVER_FILENAME.pcap

Copy them to your local computer. Locally,

scp [email protected]:CLEVER_FILENAME.pcap .

Open this file locally in Wireshark.