Networking: Add TShark (WireShark) for Packet Dumps in WebAdmin
While TCPDump is useful, TShark is much more so, especially with Layer 7 filtering being added.
Add the ability to capture and save a packet dump on a selected interface via the support section of ASG's WebAdmin
Please also show logs for allowed packets, for advanced troubleshooting and flow analysis.
An option to trace network problems by generating a capture file with pcap syntax options would be nice.
This feature is included in the upcoming release, code-named Project Copernicus. It is currently in public beta. For more details, please see https://www.astaro.org/beta-versions/project-copernicus-public-beta
Sascha Pantleon commented
Yeah! TCPDUMP is up to date in the new beta! Great! So the next step is TSHARK?
To make tcpdump more usable for admins without deeper Linux knowledge, it would help them if tcpdump could be started via WebAdmin: select interfaces, hosts and ports, start the capture into a file, and provide the data after capturing as a download. Thus it can be analyzed via Wireshark on a Windows/Linux PC.
This way we have a simple capture of raw network data and can analyze it with the power of Wireshark.
Sascha Pantleon commented
<- what can you do with TShark ->
If you're of the opinion that tcpdump is quite enough, then I ask in return: why do you not update tcpdump? The version in v9 cannot even ring buffer, for example -G.
tcpdump is good, but Tshark is even better in terms of the output generated in the log files. I would recommend Tshark along with the GUI integration.
You can already... tcpdump is included in the OS, via SSH or CLI.
Gert - I put these boxes in and support VoIP - capturing RTP and SIP traffic for analysis is trivial with tshark.
Hi Gert, when tracking down a problem, it's not very convenient to have to dump to a file, copy the file off the firewall, and open it on another machine.
I often just run tcpdump or ngrep with the output to the console when testing connections, etc., and the output of tshark is MUCH easier to read than that of tcpdump.
I can't find a screenshot of the main packet view so you'll just have to try it yourself :)
It can also do things which tcpdump cannot, such as summarize traffic, e.g.
Gert Hansen commented
Just out of curiosity, what can you do with TShark that you can't do with tcpdump, which is already on the ASG?
Try to use these options to capture all outbound SMTP traffic:
- tcpdump -i ppp0 -s 0 -w /tmp/smtp_out.pcap port 25
It would be very comfortable to have it directly on the ASG to avoid having to export pcap files each time we have to analyze the traffic.
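The WebAdmin wrapper described earlier in the thread (pick interface, host and port, capture to a file, offer it as a download) and the tcpdump command just above both boil down to building a tcpdump command line from form input. As an added example that is not Astaro's code, here is how such a wrapper would assemble that command while refusing anything that is not a plain interface name, IPv4 address, port or pcap path under one fixed directory, since every field arrives from a web form and would otherwise reach a shell. The directory /tmp/capture, the 60-second rotation and the five-file limit are assumptions for the example.

```shell
#!/bin/sh
# Added example, not ASG/WebAdmin code. Builds (does not run) the tcpdump
# command for a capture requested through a web form. Each field is checked
# against a strict pattern first: an interface value such as "eth0; rm -rf /"
# is rejected outright rather than quoted around.

valid_iface() { printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9.]{0,14}$'; }
valid_host()  { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
valid_port()  { printf '%s' "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -le 65535 ]; }

# build_capture_cmd IFACE HOST PORT OUTFILE
# Prints the tcpdump command line on success; prints nothing and returns 1
# if any field fails validation.
build_capture_cmd() {
    iface=$1; host=$2; port=$3; out=$4
    valid_iface "$iface" || return 1
    valid_host "$host"   || return 1
    valid_port "$port"   || return 1
    # Output must stay inside the assumed capture directory (/tmp/capture)
    # and must not contain ".." so the form cannot point at other paths.
    case "$out" in
        /tmp/capture/*.pcap) ;;
        *) return 1 ;;
    esac
    case "$out" in *..*) return 1 ;; esac
    # -s 0: whole packets, as in the thread's command.
    # -G 60 -W 5: start a new file every 60 s and stop after 5 files, so a
    # capture left running cannot fill the firewall's disk.
    printf 'tcpdump -i %s -s 0 -G 60 -W 5 -w %s host %s and port %s\n' \
        "$iface" "$out" "$host" "$port"
}
```

The command string is what the wrapper would hand to the capture process; the resulting files are what the WebAdmin download would serve.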