Obtaining Packet Traces for Analysis in Clustered ONTAP

Quick reference/walkthrough/how-to on obtaining packet traces in NetApp Clustered Data ONTAP (8.1/8.2+). Comes in 7 brief parts - some parts can be skipped if already done!

Part 1: Enabling Access to https://CLUSTER-IP/spi/NODENAME/etc/log

vserver services web modify -name spi -enabled true -vserver CLUSTERNAME
vserver services web access create -role admin -name spi -vserver CLUSTERNAME
security login create -username USERNAME -application http -authmethod password

More complete instructions are detailed here in Method 3

Part 2: Unlock the diag user account for systemshell access

security login unlock -username diag
security login password -username diag

Part 3: Create a folder in /mroot/etc/log for the packet traces

set -priv diag
systemshell -node NODENAME
cd /mroot/etc/log
mkdir traces

Note: This is optional; you could just have the traces generate in /mroot/etc/log.

Part 4: Generate packet traces for the port(s) in question

system node run -node NODENAME

Two examples!

Example 1:

pktt start e0a -d /etc/log/traces
{wait say 30 seconds}
pktt dump e0a
pktt stop all

Example 2:

pktt start all -d /etc/log/traces
{wait say 30 seconds}
pktt dump all
pktt stop all

Note: Depending on port and filer in question, packet traces can generate at a rate 200MB per minute or more - please exercise caution to not fill up the root volume with traces!

Part 5: Download the traces from https://CLUSTER-IP/spi/NODENAME/etc/log/traces

Enter https://CLUSTER-IP/spi/NODENAME/etc/log/traces into your web browser, login and click the filenames to download!

Image: Downloading packet traces via the spi (Service Processor Infrastructure) in Clustered ONTAP
Part 6: Tidy up (delete) the traces

set -priv diag
systemshell -node NODENAME
cd /mroot/etc/log/traces
rm *.*

Note: Please exercise caution with rm *.*! Consider using ls and ls *.trc to get more insight into the contents of the folder, and then rm TRACEFILE.trc to remove files individually.

Part 7: Analyze the packet trace

Not covered here but … Using your favourite packet analysis tool/network protocol analyzer - such as Wireshark from http://www.wireshark.org - load in the trace file.


  1. In 9.3 -- you need to be in diag mode to be able to run the systemshell command. 'set diag'

    1. Many thanks Unknown. I've updated the post to use diag. Cheers, VC


Post a Comment