Tag Archives: Troubleshooting

Vyatta Tshark examples

Leave a comment Posted by on March 19, 2014

Vyatta has so many tools built in to make troubleshooting much easier. Tshark is built into Vyatta, which is just modified Debian.  TCPdump is also included.

Below are some examples of how to run tshark to troubleshoot connectivity in the vyatta at a lower level.

First drop into configuration mode with the command “configure”

sudo tshark -R “ip.addr == 192.168.0.150” -r /tmp/capture.cap

This will pull all communication to and from 192.168.0.150 on any interface

sudo tshark -R “ip.addr == 192.168.0.150” -r /caps/cap1.cap

This will pull all communication from specified IP and then write it to the file /caps/cap1.cap

lets say I want to find any communication on interface eth1

sudo tshark -i eth1

What if I want to find anything coming from ip address 1.1.1.1 on tcp port 80

sudo tshark -R “ip.addr == 1.1.1.1 and tcp.port == 80”

There are a ton of combinations to help with troubleshooting. Using Tshark is a great way to see if traffic is even making it to your firewall.

Advertisements
Vyatta , , ,