Description:
For error analysis it is often necessary to record data traffic on an interface. On a LANCOM R&S®Unified Firewall this can be done on the CLI via the command tcpdump.
This article describes how a trace can be recorded on a Unified Firewall via tcpdump and exported as a Wireshark trace file.
Requirements:
Procedure:
1) Creating the tcpdump on the Unified Firewall:
1.1) Connect to the Unified Firewall with an SSH client and log in with the user gpadmin.
1.2) Enter the command sudo -i to gain root permissions and acknowledge the password prompt by entering the password for the user gpadmin.
1.3) Enter the command
tcpdump -nvli <interface> -w <save path of the Wireshark file on the Unified Firewall>
For the interface eth2 the command is as follows:
tcpdump -nvli eth2 -w /tmp/trace.pcap
The tcpdump can be terminated with the key combination <Ctrl> + <C>.
The parameter -w ensures that the tcpdump is saved as a file.
The Wireshark trace can be filtered via the parameters host <IP address> and port <port number> to a specific IP address or a specific port. These parameters can also be combined with an and (host <IP address> and port <port number>).
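The filter syntax described above, as an added example that is not part of the original article: a POSIX shell helper that checks the interface, save path, IPv4 address and port, then prints the resulting tcpdump command instead of running it. The helper name build_tcpdump_cmd and the sample IP address and port are assumptions; the helper handles IPv4 only.

```shell
#!/bin/sh
# Added example (not from the article): assemble the tcpdump command from
# step 1.3 with the optional host/port filter, rejecting malformed input.
# build_tcpdump_cmd is a hypothetical helper name.

# Usage: build_tcpdump_cmd <interface> <save path> [IPv4 address] [port]
build_tcpdump_cmd() {
    local iface out host port filter octet old_ifs
    iface=$1; out=$2; host=${3:-}; port=${4:-}; filter=

    # Interface: non-empty, only letters, digits, '.', '_' and '-'.
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface" >&2; return 1 ;;
    esac
    # Save path: absolute, ends in .pcap, no spaces or shell metacharacters.
    case "$out" in
        *[!A-Za-z0-9._/-]*) echo "invalid save path" >&2; return 1 ;;
        /*.pcap) ;;
        *) echo "invalid save path" >&2; return 1 ;;
    esac

    if [ -n "$host" ]; then
        # Exactly four dot-separated decimal octets, each 0-255.
        case "$host" in
            *[!0-9.]*|.*|*.|*..*) echo "invalid IP address" >&2; return 1 ;;
        esac
        old_ifs=$IFS; IFS=.; set -- $host; IFS=$old_ifs
        [ $# -eq 4 ] || { echo "invalid IP address" >&2; return 1; }
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] ||
                { echo "invalid IP address" >&2; return 1; }
        done
        filter="host $host"
    fi

    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*) echo "invalid port" >&2; return 1 ;;
        esac
        [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "invalid port" >&2; return 1; }
        # Join with "and" only when a host filter is already present.
        filter="${filter:+$filter and }port $port"
    fi

    echo "tcpdump -nvli $iface -w $out${filter:+ $filter}"
}

# Constructed sample: interface and path as in the article, IP and port made up.
build_tcpdump_cmd eth2 /tmp/trace.pcap 192.168.45.10 443
```

Pass an empty string as the third argument to filter on a port only.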
2) Transferring the Wireshark file:
To analyze the Wireshark trace it must first be downloaded from the Unified Firewall to a PC. This can be done via SCP.
2.1) Open the Windows command line and navigate to the folder where the Wireshark file is to be saved.
2.2) Enter the command for the file transfer in the following syntax and acknowledge the password prompt by entering the password for the user gpadmin:
scp gpadmin@<IP address of the Unified Firewall>:<File path of the Wireshark file on the Unified Firewall> <New file name>
In this example the command is as follows:
scp gpadmin@192.168.45.251:/tmp/trace.pcap trace.pcap
If you haven't already established an SCP connection, the ECDSA key has to be added to the list of known members (known hosts). To do this, acknowledge the prompt Are you sure you want to continue connecting? by typing yes.