Thursday, 2 January 2014

Obtaining Packet Traces for Analysis in Clustered ONTAP

Quick reference/walkthrough/how-to on obtaining packet traces in NetApp Clustered Data ONTAP (8.1/8.2+). Comes in 7 brief parts - some parts can be skipped if already done!

Part 1: Enabling Access to https://CLUSTER-IP/spi/NODENAME/etc/log

vserver services web modify -name spi -enabled true -vserver CLUSTERNAME
vserver services web access create -role admin -name spi -vserver CLUSTERNAME
security login create -username USERNAME -application http -authmethod password

More complete instructions are detailed here in Method 3

Part 2: Unlock the diag user account for systemshell access

security login unlock -username diag
security login password -username diag

Part 3: Create a folder in /mroot/etc/log for the packet traces

set -priv diag
systemshell -node NODENAME
cd /mroot/etc/log
mkdir traces

Note: This is optional; you could just have the traces generate in /mroot/etc/log.

Part 4: Generate packet traces for the port(s) in question

system node run -node NODENAME

Two examples!

Example 1:

pktt start e0a -d /etc/log/traces
{wait say 30 seconds}
pktt dump e0a
pktt stop all

Example 2:

pktt start all -d /etc/log/traces
{wait say 30 seconds}
pktt dump all
pktt stop all

Note: Depending on port and filer in question, packet traces can generate at a rate 200MB per minute or more - please exercise caution to not fill up the root volume with traces!

Part 5: Download the traces from https://CLUSTER-IP/spi/NODENAME/etc/log/traces

Enter https://CLUSTER-IP/spi/NODENAME/etc/log/traces into your web browser, login and click the filenames to download!

Image: Downloading packet traces via the spi (Service Processor Infrastructure) in Clustered ONTAP
Part 6: Tidy up (delete) the traces

set -priv diag
systemshell -node NODENAME
cd /mroot/etc/log/traces
rm *.*

Note: Please exercise caution with rm *.*! Consider using ls and ls *.trc to get more insight into the contents of the folder, and then rm TRACEFILE.trc to remove files individually.

Part 7: Analyze the packet trace

Not covered here but … Using your favourite packet analysis tool/network protocol analyzer - such as Wireshark from - load in the trace file.


  1. Thanks to the writer of this article. I appreciate your effort in making this informational blogs. I know it's not easy to do this but you have done a really great job. Congrats. I'm pretty sure your readers enjoying it a lots.


  2. In 9.3 -- you need to be in diag mode to be able to run the systemshell command. 'set diag'

    1. Many thanks Unknown. I've updated the post to use diag. Cheers, VC