Vyatta Tshark examples
March 19, 2014
Posted by on
Vyatta has so many tools built in to make troubleshooting much easier. Tshark is built into Vyatta, which is just modified Debian. TCPdump is also included.
Below are some examples of how to run tshark to troubleshoot connectivity in the vyatta at a lower level.
First drop into configuration mode with the command “configure”
sudo tshark -R “ip.addr == 192.168.0.150” -r /tmp/capture.cap
This will pull all communication to and from 192.168.0.150 on any interface
sudo tshark -R “ip.addr == 192.168.0.150” -r /caps/cap1.cap
This will pull all communication from specified IP and then write it to the file /caps/cap1.cap
lets say I want to find any communication on interface eth1
sudo tshark -i eth1
What if I want to find anything coming from ip address 220.127.116.11 on tcp port 80
sudo tshark -R “ip.addr == 18.104.22.168 and tcp.port == 80”
There are a ton of combinations to help with troubleshooting. Using Tshark is a great way to see if traffic is even making it to your firewall.