Wireshark-users: Re: [Wireshark-users] How to capture traffic on fiber going to storage?
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 29 Sep 2011 11:52:13 -0700
On Sep 29, 2011, at 11:26 AM, János Löbb wrote:

> I have a server and the database is on a fiber attached EMC storage.

By "fiber" do you mean "Ethernet over optical media" or do you mean "Fibre Channel"?

If it's Ethernet over optical media, you should be able to capture it with, for example, tcpdump.

If it's Fibre Channel, you won't be able to capture it with tcpdump; you'd probably need a Fibre Channel analyzer.

> The database behaves strangely when asked for complex data not in the cache. It returns fewer rows than it should. I suspect the traffic to the storage via the fiber is interrupted in some way or times out.

I'd expect at least some attempts at error recovery to occur there (whether it's Ethernet or Fibre Channel) and, if it fails, I'd expect an error to be returned at some layer, so that you'd get an I/O error reported, not just fewer rows being returned with no indication of an I/O error.

> So I would like to capture that traffic too and merge with the traffic I capture on ent8.

For Fibre Channel, you could probably capture that traffic with a Fibre Channel analyzer, but I suspect they're expensive to purchase; you might be able to rent one.

Wireshark does not know how to read any Fibre Channel analyzer traces, so you wouldn't be able to merge it; you'd probably end up looking at the Ethernet trace with Wireshark and the Fibre Channel trace with the Fibre Channel analyzer, and looking at the same period of time in both analyzers.