Home > Technical > RSA > Citrix – Netscaler Packet Capture

Citrix – Netscaler Packet Capture

Here is what we can do to troubleshoot the NetScaler. In this example, we’re trying to capture authentication from Citrix AG to RSA Authentication Manager. The two RSA servers below are configured as Radius servers in Citrix AG.

Primary RSA Server: 192.168.1.10
Replica RSA Server: 192.168.2.10
Citrix AG (Netscaler): 192.168.10.20

Start a trace on the NetScaler using the following filter:

  • SSH into the Netscaler using your username and password
  • At the prompt type “shell” and press Enter to become root
  • At the shell prompt type the following command:

root@ns# nstrace.sh -filter ‘SOURCEIP == 192.168.1.10 || DESTIP == 192.168.1.10 || SOURCEIP == 192.168.2.10 || DESTIP == 192.168.2.10 || SOURCEIP == 192.168.10.20 || DESTIP == 192.168.10.20 || SOURCEIP == 127.0.0.1 || DESTIP == 127.0.0.1’ -tcpdump 1 -sz 1470

  • Open a new SSH session to the Netscaler and type the following command:
  • root@ns# cat /tmp/aaad.debug >> /var/tmp/aaa.debug.log

Wait for users to login and break each command above.

  • Now you can correlate your RSA logs, the debug logs above and the packet capture above.

Important: Don’t run these commands for too long because the capture can fill up the disk space on the Netscaler and cause a DoS.

Copyright © 2012-2017 Yared Consulting Inc. All Rights Reserved. | Privacy Policy | Terms & Conditions