Troubleshooting tips

Use the following troubleshooting tips to diagnose problems with your DNCA installation.

Table 1. Troubleshooting tips
Troubleshooting tip Description
Core files The presence of core.* files in the /usr/local/dncauser directory is a sign that the capture failed and wrote a core dump file.
Bootup delays

You can notice delays during the bootup procedure and when running various network-related commands if the /etc/resolv.conf file contains the wrong information for the local network. The delays can take the form of a long SSH login attempt when the SSH daemon on the Network Capture host workstation times out while you use the incorrect DNS resolution information from the /etc/resolv.conf file.

This file can contain incorrect information if it was left over from a static IP configuration on a different network. It can also be left over from when the workstation was shut down while using DHCP, although booting up with DHCP normally creates /etc/resolv.conf file. Fixing the file depends on whether the host workstation is configured for DHCP or static IP information.

DHCP

If the DNCA software is configured for DHCP, then do the following steps:

  1. Log in as user root.
  2. Delete the file /etc/resolv.conf.
  3. Run shutdown now to enter single-user mode.
  4. Use the exit command to leave single-user mode and allow the system to generate a new /etc/resolv.conf file.
Static IP

If the DNCA software is configured with a static IP address, then do the following steps:

  1. Log in as user root.
  2. Delete the file /etc/resolv.conf.
  3. Run Discover ipconfig to reenter the DNS information and exit.
  4. The program generates a new /etc/resolv.conf file, which takes effect immediately.
Single-user mode

If you just rebooted the DNCA host machine or powered it on and you must enter single-user mode, then do the following while you use use the GRUB boot loader:

  1. When the GRUB boot menu is displayed, press SPACEBAR to prevent any automatic boot.
  2. Use the arrow keys to select the Red Hat Enterprise Linux™ kernel and version you want to boot.
  3. Press the A key to append kernel options.
  4. At the grub append prompt, append the word single. Press SPACEBAR and then enter single.
  5. Press ENTER to accept the new value and boot.
  6. For more information, see Basic System Recovery chapter of the Red Hat Enterprise Linux System Administration Guide.
Total large packets exceeded The TCP packet size has exceeded the configured limit.

The DNCA is configured to limit packet size. When a captured packet exceeds the configured limit, the DNCA reports the The TCP packet size has exceeded the configured limit error message. Additionally, this scenario causes missing events during session replay

To enable the DNCA to accept larger packet sizes:

  1. Edit the DNCA tuning parameters and enter a new value for the Max large capture packet size. For more information, see Tuning Parameters.
  2. Edit the configuration file and add the following entry to increase the maximum captured packet size:
    <Capture>
    <MaxLargeCapturePktSize>X</MaxLargeCapturePktSize>
    </Capture>

    Replace X with a numeric value for the maximum capture packet size. The value is represented in kilobytes (KB). By default, the maximum-captured-packet size is configured for 40 KB.

    The following example shows an entry that increases the maximum captured packet size to 45 KB.
    <Capture>
    <MaxLargeCapturePktSize>45</MaxLargeCapturePktSize>
    </Capture>
Viewing capture logs

Examining the DNCA logs can help you locate a possible problem.

If Capture is not starting, capture.log typically shows the reason for failing to start, such as bad entry syntax or invalid entry in the configuration file.

Another troubleshooting log, maintenance_200xxxxx.log, shows unhealthy conditions that are forcing the restart/shutdown of the DNCA software.

Both of these logs can be viewed by the web console or by a Linux text editor in the DNCA default logs directory. Depending on the version of the DNCA software, they are located in /usr/local/dncauser/logs or /var/log/Discover.