Verifying that the QRadar Network Insights appliance is receiving raw packet data

Follow these steps to verify that the QRadar® Network Insights appliance is receiving raw packet data from the network tap or SPAN port.

Before you begin

  • Ensure that the appliance is cabled correctly.

    Review the hardware specifications for your QRadar Network Insights appliance, and use the images to verify the cable configuration.

    If you are working with stacked appliances, ensure that the appliance is cabled correctly for the stacked configuration. For more information, see Cabling for stacked appliances.

Procedure

  1. From the Console, use SSH to log in to QRadar Network Insights as the root user.
  2. If your appliance uses a traditional network card, use tcpdump to verify that the traffic is reaching the network interface:
    tcpdump -ni <interface_name>

    For example, type tcpdump -ni ens3f0 -c 5 to capture on ens3f0 and stop after 5 packets.

    The results might look similar to this example:
    Figure 1. Results of tcpdump capture command (image not reproduced: incoming packets on a standard network interface card)
  3. If your appliance uses a Napatech network interface card, type the following command to verify that the traffic is reaching the network interface:
    /opt/napatech3/bin/monitoring
    The results might look similar to the following example:
    Figure 2. Napatech monitor with SFP type, Link status, and Transmission (Tx) values (image not reproduced: Napatech monitor view)
    If there is no traffic that is displayed, check the Link column to see if the status is Down.
  4. Make sure that you are using the correct SFP part number.
    1. To identify which SFP part numbers are in use, type the following commands:
      grep -i pn /var/log/messages
      zgrep -i pn /var/log/messages
    The output might look similar to the following example:
    ntservice: Port 3: NIM info: (Vendor: FINISAR CORP., PN: FTLX1471D3BCL, SN: xxxxxx)

    Review the hardware specifications to view the supported SFP part numbers for your appliance.
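The following shell script is an added example and is not part of the IBM documentation or the appliance software. It wraps the three checks of the procedure in reusable functions: counting the packets tcpdump reports for an interface (step 2), reading the kernel's link state for a standard NIC (the "Link is Down" check of step 3), and pulling SFP part numbers out of ntservice "NIM info" log lines so they can be compared with a supported list (step 4). The interface name, the sample log lines and the supported part-number list are constructed placeholders; the real supported list comes from the hardware specifications for your appliance.

```shell
#!/bin/sh
# Added example, not from the IBM page or the QRadar Network Insights software.
# Helper checks for verifying that a capture interface is receiving traffic.

# Print the packet count from tcpdump's closing summary ("N packets captured"),
# given tcpdump's stderr on stdin. Prints nothing if no summary is present.
packets_captured() {
  sed -n 's/^\([0-9][0-9]*\) packets\{0,1\} captured.*/\1/p' | head -n 1
}

# Capture up to $2 packets on interface $1, giving up after $3 seconds, and
# print how many packets arrived (0 when none arrived before the timeout).
# Needs root and tcpdump, exactly like step 2 of the procedure.
verify_capture() {
  iface=$1; count=${2:-5}; secs=${3:-10}
  n=$(timeout "$secs" tcpdump -ni "$iface" -c "$count" 2>&1 >/dev/null | packets_captured)
  echo "${n:-0}"
}

# Print the kernel's link state for interface $1 (up, down, unknown), or
# "absent" when no such interface exists. Standard NICs only; the Napatech
# card reports link status through /opt/napatech3/bin/monitoring instead.
link_state() {
  iface=$1
  if [ -r "/sys/class/net/$iface/operstate" ]; then
    cat "/sys/class/net/$iface/operstate"
  else
    echo "absent"
  fi
}

# Print the SFP part numbers found in ntservice "NIM info" lines on stdin,
# one per line, de-duplicated (the grep/zgrep output of step 4).
extract_sfp_pn() {
  sed -n 's/.*NIM info:.*PN: \([^,)]*\).*/\1/p' | sort -u
}

# Return 0 if part number $1 appears in the space-separated list $2.
sfp_supported() {
  pn=$1; supported=$2
  for s in $supported; do
    [ "$s" = "$pn" ] && return 0
  done
  return 1
}

# Constructed sample lines in the format shown on the page (not real log data).
SAMPLE_LOG='Jan 1 00:00:00 qni ntservice: Port 0: NIM info: (Vendor: FINISAR CORP., PN: FTLX1471D3BCL, SN: xxxxxx)
Jan 1 00:00:00 qni ntservice: Port 1: NIM info: (Vendor: FINISAR CORP., PN: FTLX1471D3BCL, SN: yyyyyy)
Jan 1 00:00:01 qni ntservice: Port 2: NIM info: (Vendor: EXAMPLE INC., PN: EXAMPLE-PN-0000, SN: zzzzzz)'

# Placeholder list: take the real supported part numbers from the hardware
# specifications for the appliance model in use.
SUPPORTED_PN="FTLX1471D3BCL"

# Stand-alone use: report each part number seen in the sample log, and check
# the live interface named on the command line (for example: ./check.sh ens3f0).
main() {
  printf '%s\n' "$SAMPLE_LOG" | extract_sfp_pn | while read -r pn; do
    if sfp_supported "$pn" "$SUPPORTED_PN"; then
      echo "supported SFP: $pn"
    else
      echo "NOT supported SFP: $pn"
    fi
  done
  if [ -n "$1" ]; then
    echo "link state of $1: $(link_state "$1")"
    echo "packets seen on $1: $(verify_capture "$1" 5 10)"
  fi
}

main "$@"
```

On a live appliance, replace the sample log with `grep -i pn /var/log/messages` piped into `extract_sfp_pn`, and pass the capture interface as the first argument; a packet count of 0 together with a link state of "down" points at cabling or SFP problems rather than at the capture software.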