Installing and using packet capture tools for the 7-series of the Layer 7 Gateway

Article ID: 42978

Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

Solution

Background

It may be necessary to analyze network traffic received by and originating from the Gateway appliance. By default, the Gateway does not come with the packages and applications needed to do this. This article describes the steps for installing the necessary application and running it to generate an adequate packet capture.

Installation

  1. Copy the RPM file attached to this article to a workstation.
  2. Upload the file to the Gateway appliance via SFTP or SCP as the ssgconfig user.
  3. Log into the Gateway appliance as the ssgconfig user.
  4. Select Option #3: Use a privileged shell (root).
  5. Install the RPM: rpm -i -vh /home/ssgconfig/tcpdump-3.9.4-15.el5.x86_64.rpm

Note: The value of "/path/to/" should be adjusted for the location of the file on the file system. By default, it should be /home/ssgconfig

Execution

A commonly used invocation of the tcpdump application is as follows: tcpdump -s 0 -i any -w /path/to/case.cap

  • The -s option specifies where the packet capture will start. This should always be "0."
  • The -w option specifies where the packet capture will be written to on the file system.
  • The -i option specifies an interface to perform a capture against. Valid options would be (but are not limited to): eth0, eth1, eth2, lo, or any

This application supports a wide array of options that are documented in the application's documentation or its formal manual page on the Gateway appliance. A cross-platform application exists to interpret and display packet captures in a human-readable format. Visit http://www.wireshark.org/download.html for more information.
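
The invocation above can be wrapped in a few pre-flight checks before it is run from the privileged shell. The following is an added example, not part of the original article or vendor-supplied code; the function names check_capture_args and run_capture and the checks themselves are assumptions made for illustration.

```shell
# Added example: pre-flight checks around the article's tcpdump invocation.
# check_capture_args and run_capture are illustrative names, not vendor code.

# Return 0 if the interface name and output file are safe to hand to tcpdump.
check_capture_args() {
    iface="$1"
    out="$2"
    # Reject empty names, names starting with "-" (tcpdump would read them as
    # an option) and anything outside the usual interface-name characters.
    case "$iface" in
        ''|-*|*[!A-Za-z0-9._:-]*)
            echo "invalid interface name: $iface" >&2
            return 1 ;;
    esac
    # Linux interface names are at most 15 characters long.
    if [ "${#iface}" -gt 15 ]; then
        echo "interface name too long: $iface" >&2
        return 1
    fi
    # Require an absolute path so the file lands where the operator expects.
    case "$out" in
        /*) ;;
        *)  echo "output path must be absolute: $out" >&2
            return 1 ;;
    esac
    if [ ! -d "$(dirname "$out")" ]; then
        echo "directory does not exist: $(dirname "$out")" >&2
        return 1
    fi
    # Never overwrite a capture already taken for the same case.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 1
    fi
    return 0
}

# Run the capture from the privileged shell; stop it with Ctrl-C.
run_capture() {
    check_capture_args "$1" "$2" || return 1
    # A capture can contain credentials and message bodies, so create the
    # file with mode 0600 instead of the default world-readable mode.
    ( umask 077; exec tcpdump -s 0 -i "$1" -w "$2" )
}

# Usage: run_capture any /home/ssgconfig/case.cap
```

Remove the capture file from the appliance once it has been transferred for analysis, since it holds a copy of the traffic the Gateway handled.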

Environment

Release:
Component: APIGTW

Attachments

1558534583666TEC0000001276.zip