Troubleshooting Local Network Traffic - larz7/larzworksamples GitHub Wiki

Load tcpdump and rvictl to isolate dropped packets

One of the most common reasons software fails to run is a problem on a local network. To help track down the problem, use the rvictl packet trace tool, native to the tcpdump installation. If Terminal is unable to find the tool:

  • Make sure you have the latest version of tcpdump installed.

  • Make sure /usr/bin/ is in your shell search path.

Launch rvictl. If it fails with the message: bootstrap_look_up(): 1102, run the following command to make sure the com.tcpdump.rpmuxd daemon is loaded:

sudo launchctl list com.tcpdump.rpmuxd

If the daemon is installed, you'll see the following output:

$ sudo launchctl list com.tcpdump.rpmuxd

If the daemon isn’t loaded correctly, you’ll see the following:

   $ sudo launchctl list com.tcpdump.rpmuxd
     Could not find service "com.tcpdump.rpmuxd" in domain for system

This message indicates the daemon is unloaded. Force it to load using the following command:

sudo launchctl load -w /System/Library/LaunchDaemons/com.tcpdump.rpmuxd.plist

Increase Buffer Size

A typical problem recorded by tcpdump is packet size increasing with no clear cause. Often this problem is traced to an overrun in tcpdump's kernel packet recording buffer. One way to avoid packet loss is to increase tcpdump's recording buffer size. First, test whether this condition is a false positive in your environment by printing a summary of packets recorded, filtered, and dropped:

$ sudo tcpdump -i en0 -w trace.pcap

You'll see output similar to the following:

tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
94 packets captured
177 packets received by filter
0 packets dropped by kernel
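
To check the drop counter without reading the summary by eye, the three summary lines can be parsed in a script. The following is an added example, not part of the original page; the function name `tcpdump_drop_summary`, the file name `summary.txt` and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: parse the summary tcpdump prints when a capture ends.
# tcpdump writes that summary to stderr, so save it first, for example:
#   sudo tcpdump -i en0 -w trace.pcap 2> summary.txt
#   tcpdump_drop_summary < summary.txt
#
# Reads the summary on stdin and prints:
#   captured=N received=N dropped=N drop_pct=P
# Exit status: 0 = no drops, 1 = drops seen, 2 = summary lines missing.
tcpdump_drop_summary() {
    awk '
        /^[0-9]+ packets? captured/           { captured = $1; have_c = 1 }
        /^[0-9]+ packets? received by filter/ { received = $1; have_r = 1 }
        /^[0-9]+ packets? dropped by kernel/  { dropped  = $1; have_d = 1 }
        END {
            # Refuse to report "no drops" when the summary was not found.
            if (!(have_c && have_r && have_d)) exit 2
            # Drops relative to packets that matched the filter.
            pct = (received > 0) ? 100 * dropped / received : 0
            printf "captured=%d received=%d dropped=%d drop_pct=%.2f\n",
                   captured, received, dropped, pct
            exit (dropped > 0 ? 1 : 0)
        }
    '
}

# Summary lines taken from the sample output on this page (no drops).
sample_clean='tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
94 packets captured
177 packets received by filter
0 packets dropped by kernel'

# Constructed sample with a non-zero drop counter, for illustration only.
sample_drops='1200 packets captured
1500 packets received by filter
300 packets dropped by kernel'

printf '%s\n' "$sample_clean" | tcpdump_drop_summary
printf '%s\n' "$sample_drops" | tcpdump_drop_summary \
    || echo "kernel dropped packets (status $?): capture is incomplete"
```

A non-zero exit status means the trace file is missing packets, so any gaps seen in it may come from the capture itself rather than from the network.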

If the dropped count is non-zero, increase the packet recording buffer size by passing the -t option to tcpdump:

tcpdump -i eth2 -t

listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:e1:1c:10.8003, length 43
STP 802.1d, Config, Flags [none], bridge-id 8000.52:54:00:e1:1c:10.8003, length 43