Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
1
Replies

How to cnfigure TCPDUMP Filter on S650

winddlover_ironport
Level 1
Level 1

‎01-21-2009 04:19 AM

I'd like to enable TCPDUMP on S box to capture traffic from client ip address. In the diagnostic menu, the default filter is (tcp and port 80).
any idea about how to customize filter to capture traffic from
specific ip address instead of all traffic through box.

thanks

Labels:
0 Helpful
1 Reply 1

jowolfer
Level 1
Level 1

‎01-21-2009 04:50 PM

Which version of the WSA are you running?

In 5.6, there is a new CLI command "packetcapture". I highly recommend using this, since the Diagnostic command is deprecated and will be removed in 6.0.

From this command, you can easily set the capture filter via the context menus.

Filter syntax is standard tcpdump. You can also use the new GUI capture menu:

------------------------------------------
GUI -> Support and Help (upper right corner) -> Packet Capture

Edit Settings:
Select the appropriate interfaces to capture as well as the capture filter. If you are uncertain what filter to use, run the capture with "no filters".

** Be advised that on high traffic networks, an unfiltered capture may hit the maximum size before capturing the necessary data.

The Start the capture, reproduce the issue and then stop the capture. The packet capture will be date stamped and in the "Manage Packet Capture Files" section.
------------------------------------------

0 Helpful
Customers Also Viewed These Support Documents