Vyatta Tshark examples

Vyatta has so many tools built in to make troubleshooting much easier. Tshark is built into Vyatta, which is just modified Debian.  TCPdump is also included.

Below are some examples of how to run tshark to troubleshoot connectivity in the vyatta at a lower level.

First drop into configuration mode with the command “configure”

sudo tshark -R “ip.addr == 192.168.0.150” -r /tmp/capture.cap

This will pull all communication to and from 192.168.0.150 on any interface

sudo tshark -R “ip.addr == 192.168.0.150” -r /caps/cap1.cap

This will pull all communication from specified IP and then write it to the file /caps/cap1.cap

lets say I want to find any communication on interface eth1

sudo tshark -i eth1

What if I want to find anything coming from ip address 1.1.1.1 on tcp port 80

sudo tshark -R “ip.addr == 1.1.1.1 and tcp.port == 80”

There are a ton of combinations to help with troubleshooting. Using Tshark is a great way to see if traffic is even making it to your firewall.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: