How to: Dump on XG
Hi everybody.
I want to share my experience with packet dumping on XG with you. Most of the time I have to write down how it is done, so I will summarize it here.
First of all, open an SSH session to your XG.
You have to log in as the "admin" user.
Switch to Advanced Shell (Option 5. and Option 3.).
We can now perform a tcpdump.
Refer to the tcpdump man page for all kinds of filters.
http://www.tcpdump.org/manpages/tcpdump.1.html
But here are my most used ones:
tcpdump -ni any
You will see all the traffic on all interfaces with all IPs.
I cannot recommend this because you will see the SSH traffic as well.
Filter the traffic with port PORTNUMBER and/or host IP_ADDRESS. Basically you can combine filters with all kinds of logical connectives like and, or, nor etc.
https://en.wikipedia.org/wiki/Logical_connective
tcpdump -ni any host 192.168.1.2 and port 443
You can also capture on a single interface by replacing any with the name of the wanted interface (for example Port3).
tcpdump -ni Port3 host 192.168.1.2 and port 443
For easier analysis, you can write the dump to a file with -b -w /tmp/dump.pcap
Use PSCP to download this file.
https://community.sophos.com/kb/en-us/127647
You can then open this file in Wireshark and use its features to troubleshoot.
Let's get back to the shell version.
If you want to see all pings, just use:
tcpdump -ni any icmp
In my case, I am using a bridge, so I will see the packets 3 times.
The packet arrives on Port1, is transferred to br0 and leaves the appliance on Port2 with my MASQ IP.
Keep in mind that XG has to NAT the traffic and so on. So basically 192.168.1.1 will not be displayed on the WAN port. Feel free to play with those filters in tcpdump and you will find nearly everything.
Feel free to comment and I will add everything in more detail.
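As an added example (not part of the original post), here is a small POSIX sh helper that assembles the tcpdump command lines described above from an interface, a host and a port, and appends "not port 22" so the admin SSH session you are typing in does not flood the output. The interface names (any, Port1, Port3, br0), the -ni and -w switches and the /tmp/dump.pcap path come from the post; the function names, the extra-expression argument and the assumption that SSH listens on port 22 are mine. tcpdump's filter language itself accepts and, or and not (also written &&, || and !).

```shell
#!/bin/sh
# Added example: build tcpdump command lines for the XG advanced shell.
# Function names and the "SSH is on port 22" assumption are illustrative.

# Join an existing filter expression and a new term with "and".
# $1 = current expression (may be empty), $2 = term to add (may be empty)
append_term() {
    if [ -z "$2" ]; then
        printf '%s' "$1"
    elif [ -z "$1" ]; then
        printf '%s' "$2"
    else
        printf '%s and %s' "$1" "$2"
    fi
}

# Build a BPF filter from optional host, port and a free-form extra term
# (e.g. "icmp"). The management SSH session is always excluded.
# Usage: build_filter HOST PORT EXTRA   (pass "" to skip a field)
build_filter() {
    expr=""
    if [ -n "$1" ]; then expr=$(append_term "$expr" "host $1"); fi
    if [ -n "$2" ]; then expr=$(append_term "$expr" "port $2"); fi
    if [ -n "$3" ]; then expr=$(append_term "$expr" "$3"); fi
    # keep the admin's own SSH traffic (assumed on port 22) out of the dump
    expr=$(append_term "$expr" "not port 22")
    printf '%s' "$expr"
}

# Build the complete command line.
# Usage: build_capture_cmd IFACE HOST PORT EXTRA [OUTFILE]
# IFACE is "any" or an XG interface such as Port1, Port3 or br0.
build_capture_cmd() {
    cmd="tcpdump -ni $1"
    if [ -n "$5" ]; then cmd="$cmd -w $5"; fi
    printf '%s %s' "$cmd" "$(build_filter "$2" "$3" "$4")"
}

# Demonstration: the three captures from the post, plus an ICMP-only capture
# on Port1 so a bridged packet is seen once instead of three times.
build_capture_cmd any "192.168.1.2" 443 "" "";                 echo
build_capture_cmd Port3 "192.168.1.2" 443 "" "/tmp/dump.pcap"; echo
build_capture_cmd any "" "" icmp "";                           echo
build_capture_cmd Port1 "" "" icmp "";                         echo
```

Run the script to print the command lines, then paste the one you want into the advanced shell; the ICMP example on Port1 shows one way around the triple-packet view on a bridge, since only the ingress copy is captured there.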