
Start Your Packet Capture With Ansible

What is Ansible?

Ansible is an agentless, open source automation tool, used mostly for configuration management but also for many other purposes.
At the moment I also use it to collect diagnostic data.
Ansible works over SSH and can connect to multiple servers in parallel from your control server. It connects to the remote hosts and executes either a single ad-hoc task or a list of tasks written in a so-called "Ansible playbook".

Why do I use Ansible?

While working on problems in a cluster with multiple nodes, I got tired of connecting to every single instance, starting tcpdump, stopping tcpdump, downloading the data, and so on.
I needed a solution like Ansible. It saves me time that I can spend on the analysis instead.

How to start a packet capture with Ansible?

First you need to install and configure Ansible on your server. This will be the control node from which the remote SSH connections are made.
You can find all the information you need in the Ansible documentation: http://docs.ansible.com

For the installation and configuration you can follow the steps described here.

Once you can run the "ansible-playbook" command, you can use my playbook to start tcpdump on the remote servers.

You can start the playbook like this: ansible-playbook tcpdump.yml --limit 'Your-Group' -u Your-User -k
Here --limit restricts the run to the hosts of one inventory group, -u sets the SSH user and -k makes Ansible prompt for the SSH password.
The playbook is written so that it prompts you for the capture duration in seconds, the network interface on the remote server, the destination folder on the remote server and, if needed, a capture filter.

After tcpdump has finished, the playbook downloads the capture files from the remote servers to "/export/tmp/ansible/" on your control server.
Of course you can change this according to your needs.
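To show what such a playbook looks like end to end, here is an added example (it is not the tcpdump.yml linked below, just my own reconstruction of the same workflow). It prompts for the four parameters described above, runs a time-boxed tcpdump on every targeted host, fetches the pcap back to the control node and removes it from the remote host afterwards. Assumptions: the remote hosts have GNU coreutils timeout(1) and tcpdump installed, the Ansible user can become root (tcpdump needs raw socket access), and the local landing directory is /export/tmp/ansible as in the post; all variable and file names are my own.

```yaml
---
# Added example playbook, not the author's tcpdump.yml.
- name: Time-boxed packet capture on a group of hosts
  hosts: all
  become: true            # tcpdump needs CAP_NET_RAW; assumes passwordless sudo or -K
  gather_facts: true      # ansible_date_time is used for the file name

  vars_prompt:
    - name: capture_seconds
      prompt: "Capture duration in seconds"
      default: "60"
      private: false
    - name: capture_iface
      prompt: "Remote network interface (e.g. eth0, or 'any')"
      default: "any"
      private: false
    - name: remote_dir
      prompt: "Destination folder on the remote host"
      default: "/tmp/capture"
      private: false
    - name: capture_filter
      prompt: "Optional BPF capture filter (e.g. 'port 443'), empty for none"
      default: ""
      private: false

  vars:
    # Assumed local landing directory (the post uses /export/tmp/ansible/)
    local_dir: "/export/tmp/ansible"
    pcap_name: "{{ inventory_hostname }}-{{ ansible_date_time.iso8601_basic_short }}.pcap"

  tasks:
    - name: Ensure the remote destination folder exists (root-only, pcaps are sensitive)
      ansible.builtin.file:
        path: "{{ remote_dir }}"
        state: directory
        mode: "0700"

    - name: Run tcpdump for the requested duration
      # timeout(1) sends SIGINT after capture_seconds so tcpdump shuts down
      # cleanly; -s 0 keeps full packets, -U flushes every packet to disk so
      # the file is usable even if the run is cut short. The command module
      # does not go through a shell, so the prompted values cannot inject
      # extra shell commands; the filter words become tcpdump arguments.
      ansible.builtin.command:
        cmd: >-
          timeout --signal=INT {{ capture_seconds | int }}
          tcpdump -n -i {{ capture_iface | quote }} -s 0 -U
          -w {{ (remote_dir ~ '/' ~ pcap_name) | quote }}
          {{ capture_filter }}
      register: tcpdump_run
      changed_when: true
      # timeout exits 124 when it had to stop tcpdump; that is the normal case
      failed_when: tcpdump_run.rc not in [0, 124]

    - name: Fetch the capture to the control node
      ansible.builtin.fetch:
        src: "{{ remote_dir }}/{{ pcap_name }}"
        dest: "{{ local_dir }}/"
        flat: true

    - name: Remove the capture from the remote host
      ansible.builtin.file:
        path: "{{ remote_dir }}/{{ pcap_name }}"
        state: absent
```

Run it the same way as in the post, for example ansible-playbook capture.yml --limit 'Your-Group' -u Your-User -k, and add -K (--ask-become-pass) if sudo on the remote hosts asks for a password. Two practical points: because the run is parallel, every host in the group captures at the same time, which is exactly what you want when chasing a cluster-wide problem; and because the pcap files can contain credentials and other sensitive payload, the example keeps the remote folder root-only and deletes each file after it has been fetched, so nothing is left lying around on the nodes.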

Download my ansible playbook here: https://github.com/DanielSchwartz1/tcpdump/blob/master/tcpdump.yml

Summary

I have started to use Ansible for other tasks as well, and it saves me a lot of time. Because it connects to multiple machines at the same time in parallel, it is a very powerful tool in my role as Site Reliability Engineer.

If you want to know more about it, join my Slack Workspace or send me an email.


Published in: Ansible, Tcpdump
