Skip to main content
All CollectionsKnowledge BaseEnterprise WorkloadsHow To - Enterprise Workloads
How to collect network traces using inbuilt utilities
How to collect network traces using inbuilt utilities
Updated over a week ago

This article applies to:

  • OS: Linux and Windows

  • Product edition: Phoenix


This article describes procedures to collect network trace on Linux, macOS, and Windows systems.

Collect network trace

Follow the steps provided below for the respective operating systems. The commands specified in the procedure must be run from an elevated command prompt.

❗ Important

Reserve adequate free space in the drive on which the trace files will be saved to avoid running out of disk space.

On Linux/macOS

Use the tcpdump tool to collect the network trace.

  1. In most Linux systems, tcpdump tool is pre-installed. If the tool is not installed, install it with the following command:

    yum install tcpdump

  2. Determine the name of the active network adapter using any of the below commands.

    • tcpdump -D

    • ip -a

    • ifconfig

  3. Collect the network packets and save them in a pcap file

    tcpdump -w /tmp/0001.pcap -i en0


    • /tmp is the location where we want to save the capture

    • 0001.pcap is the name of the capture file

    • en0 is the name of the active adapter derived in Step 2

  4. Reproduce the issue.

  5. Use Ctrl+C to stop the capture.

  6. Collect the /tmp/0001.pcap and send it for analysis.

On Windows

Use the netsh tool to capture etl tracing.

  1. Create a temporary directory. C:\temp1 is created as an example to explain this procedure.

  2. Start the trace with the following command:



    • example.etl is the name of the trace file.

    • c:\temp1 is the location where the trace file is saved.

  3. Reproduce the issue.

  4. Stop the trace with the following command:


  5. Collect the entire C:\Temp1 directory and share it with support in a zipped file for analysis.

Did this answer your question?