
Network Diagnostic Tools
13.2.5. Snaplen specification
The snaplen argument specifies the maximum length captured, but this applies at the protocol level. As such, PPP packets will have up to the snaplen from the PPP protocol bytes and then have fake PPPoE and Ethernet headers added.
A snaplen value of 0 has special meaning - it causes logging of just IP, TCP, UDP and ICMP headers as well as headers in ICMP error payloads. This is primarily to avoid logging data carried by these protocols.
13.2.6. Using the web interface
The web form is accessed by selecting the "Packet dump" item under the "Diagnostics" main-menu item. Set up the dump parameters with reference to Table 13.1 and click the "Dump" button. Your browser will ask you to save a file, which will take as long to save as the timeout you requested.
13.2.7. Using an HTTP client
To perform a packet dump using an HTTP client, you first construct an appropriate URL that contains standard HTTP URL form-style parameters from the list shown in Table 13.1. Then you retrieve the dump from the FB6000 using a tool such as curl.
The URL is
http://<FB6000 IP address or DNS name>/pcap?parameter_name=value[&parameter_name=value ...]
The URL may include as many parameter name and value pairs as you need to completely specify the dump parameters.
Packet capturing stops if the output stream (HTTP transfer) fails. This is useful if you are unable to determine a suitable timeout period, and would like to run an ongoing capture which you stop manually. This is achieved by specifying a very long duration, and then interrupting execution of the HTTP client using Ctrl+C or similar.
Only one capture can operate at a time. The HTTP access fails if no valid interfaces or sessions etc. are specified or if a capture is currently running.
13.2.7.1. Example using curl and tcpdump
An example of a simple real-time dump and analysis run on a Linux box is shown below :-
curl --silent --no-buffer --user name:pass
'http://1.2.3.4/pcap?interface=LAN&timeout=300&snaplen=1500'
| /usr/sbin/tcpdump -r - -n -v
Note: line breaks are shown in the example for clarity only - they must not be entered on the command line.
In this example we have used username name and password pass to log in to a FireBrick on address 1.2.3.4 - obviously you would change the IP address (or host name) and credentials to something suitable for your FB6000.
We have asked for a dump of the interface named LAN, with a 5 minute timeout and capturing 1500 byte packets. We have then fed the output in real time (hence specifying --no-buffer on the curl command) to tcpdump, and asked it to take capture data from the standard input stream (via the -r - options). We have additionally asked for no DNS resolution (-n) and verbose output (-v).
Consult the documentation provided with the client (e.g. Linux box) system for details on the extensive range of tcpdump options - these can be used to filter the dump to better locate the packets you are interested in.
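The curl pipeline above, wrapped into reusable shell functions as an added example (this is not FireBrick's own tooling): the URL is built from name=value pairs taken from Table 13.1, and the capture is either decoded live with tcpdump or saved to a file. The host, credentials and interface name are placeholders, and the assumption that a rejected request (capture already running, no valid interface) is signalled as an HTTP error status is marked in the comments.

```shell
#!/bin/sh
# Added example, not FireBrick's own code: helpers around the FB6000 /pcap
# HTTP interface. Host, credentials and interface name are placeholders;
# parameter names are the ones listed in Table 13.1 of the manual.

# Build http://<host>/pcap?name=value&name=value... from the arguments.
fb_pcap_url() {
    host="$1"; shift
    query=""
    for kv in "$@"; do
        if [ -z "$query" ]; then
            query="$kv"
        else
            query="$query&$kv"
        fi
    done
    printf 'http://%s/pcap?%s\n' "$host" "$query"
}

# Stream the capture straight into tcpdump, as in the manual's example.
# --fail makes curl exit non-zero instead of piping an error body into
# tcpdump when the FB6000 rejects the request (e.g. a capture is already
# running). Assumption: the rejection arrives as an HTTP error status.
fb_pcap_live() {
    host="$1"; creds="$2"; shift 2
    curl --silent --no-buffer --fail --user "$creds" \
        "$(fb_pcap_url "$host" "$@")" | tcpdump -r - -n -v
}

# Save the raw pcap stream to a file for later offline analysis instead.
fb_pcap_save() {
    host="$1"; creds="$2"; out="$3"; shift 3
    curl --silent --no-buffer --fail --user "$creds" \
        "$(fb_pcap_url "$host" "$@")" -o "$out"
}

# Usage (placeholder values): open-ended headers-only capture of LAN; the
# long timeout plus Ctrl+C closes the HTTP stream, which ends the capture.
# fb_pcap_live 1.2.3.4 name:pass interface=LAN timeout=86400 snaplen=0
```

Passing the credentials with --user leaves them visible in the process list; curl's --netrc option reads them from ~/.netrc instead.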