It may be necessary to perform an analysis of network traffic received by and originating from the Gateway appliance. The Gateway does not ship with the packages and applications needed to perform this function by default. This article describes the steps for installing the necessary application and running it to generate an adequate packet capture.
- Copy the RPM file attached to this article to a workstation.
- Upload the file to the Gateway appliance via SFTP or SCP as the ssgconfig user.
- Log into the Gateway appliance as the ssgconfig user.
- Select Option #3: Use a privileged shell (root).
- Install the RPM: rpm -i -vh /home/ssgconfig/tcpdump-3.9.4-15.el5.x86_64.rpm

Note: The value of "/path/to/" should be adjusted for the location of the file on the file system. By default, it should be /home/ssgconfig.
A commonly used invocation of the tcpdump application is as follows: tcpdump -s 0 -i any -w /path/to/case.cap
- The -s option specifies where the packet capture will start. This should always be 0.
- The -w option specifies where the packet capture will be written to on the file system.
- The -i option specifies an interface to perform a capture against. Valid options would be (but are not limited to): eth0, eth1, eth2, lo, or any.
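As an added example that is not part of the original article, the following shell script wraps the invocation above, restricts the interface to the names listed here, validates the case name so the output path cannot escape the capture directory, and bounds the capture with tcpdump's -C/-W file rotation so a long-running capture cannot fill the appliance disk. The capture directory /home/ssgconfig and the size and file-count defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): wraps the tcpdump
# invocation described above and bounds the capture so it cannot
# fill the appliance disk. Paths and defaults are assumptions.

# Interfaces the article lists; extend this list for additional NICs.
ALLOWED_IFACES="eth0 eth1 eth2 lo any"
# Assumption: captures are written under the ssgconfig home directory.
CAPTURE_DIR="/home/ssgconfig"

# Returns 0 if $1 is one of the allowed interface names, 1 otherwise.
iface_allowed() {
    for i in $ALLOWED_IFACES; do
        [ "$i" = "$1" ] && return 0
    done
    return 1
}

# Prints the tcpdump command line for interface $1 and case name $2,
# with a per-file size limit in MB $3 (default 100) and a file count
# $4 (default 5).  -s 0 captures whole packets (no truncation); -C/-W
# rotate the output as a ring of at most N files of the given size
# (tcpdump appends a numeric suffix to each file); -n avoids DNS
# lookups during the capture.  Case names are limited to a safe
# character set so the output path stays inside CAPTURE_DIR.
build_capture_cmd() {
    iface="$1"; name="$2"; size_mb="${3:-100}"; files="${4:-5}"
    iface_allowed "$iface" || { echo "invalid interface: $iface" >&2; return 1; }
    case "$name" in
        ""|*[!A-Za-z0-9_-]*) echo "invalid case name: $name" >&2; return 1 ;;
    esac
    echo "tcpdump -n -s 0 -i $iface -C $size_mb -W $files -w $CAPTURE_DIR/$name.cap"
}

# Runs the capture; requires root, i.e. the privileged shell (Option #3).
run_capture() {
    cmd=$(build_capture_cmd "$@") || return 1
    echo "running: $cmd"
    $cmd
}
```

Invoke as `run_capture any case1` from the privileged shell; stop the capture with Ctrl-C and copy the rotated files off the appliance for analysis.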
This application supports a wide array of options that are documented in the application's documentation or its formal manual page on the Gateway appliance. A cross-platform application exists to interpret and display packet captures in a human-readable format. Visit http://www.wireshark.org/download.html for more information.