- Download the compressed archive attached to this article to a workstation.
- Upload the contents of the compressed archive to the Gateway appliance via SFTP or SCP as the ssgconfig user.
- Log in to the Gateway appliance as the ssgconfig user.
- Select Option #3: Use a privileged shell (root).
- Install the libpcap RPM: rpm -i -vh /path/to/libpcap-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm
- Install the tcpdump RPM: rpm -i -vh /path/to/tcpdump-4.0.0-9.20090921gitdf3cb4.2.el6.x86_64.rpm
Note: The value of "/path/to/" should be adjusted for the location of the file on the file system. By default, it should be /home/ssgconfig.
A commonly used invocation of the tcpdump application is as follows: tcpdump -s 0 -i any -w /path/to/case.cap
- The -s option sets the snapshot length, which is the number of bytes saved from each packet. This should always be "0" so that whole packets are captured rather than truncated ones.
- The -w option specifies where the packet capture will be written to on the file system.
- The -i option specifies an interface to perform a capture against. Valid options would be (but are not limited to): eth0, eth1, eth2, lo, or any
This application supports a wide array of options that are documented in the application's documentation or its formal manual page on the Gateway appliance. A cross-platform application exists to interpret and display packet captures in a human-readable format. Visit http://www.wireshark.org/download.html for more information.
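To confirm that a capture written with the invocation above really holds whole packets, the file's own headers can be checked before it is handed over for analysis. The following is an added example, not part of the original article or the Gateway product: it reads the classic pcap header that tcpdump -w writes and reports the snapshot length, the link type, and how many packets were saved shorter than they were on the wire. The function names and the sample data are constructed for illustration.

```python
import struct

MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # classic pcap: microsecond / nanosecond timestamps
LINKTYPES = {1: "Ethernet", 113: "Linux cooked (SLL)"}  # "-i any" produces SLL

def inspect_pcap(data):
    """Summarise a classic pcap file: snaplen, link type, truncated packets."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    packets = truncated = 0
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, bytes saved, bytes on the wire.
        incl_len, orig_len = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        if offset + 16 + incl_len > len(data):
            break  # last record cut short, e.g. file copied mid-capture
        offset += 16 + incl_len
        packets += 1
        if incl_len < orig_len:
            truncated += 1  # snaplen was smaller than the packet on the wire
    return {
        "snaplen": snaplen,
        "linktype": LINKTYPES.get(linktype, str(linktype)),
        "packets": packets,
        "truncated": truncated,
        "incomplete_tail": offset != len(data),
    }

def make_pcap(snaplen, linktype, wire_lengths):
    """Build a constructed little-endian pcap whose packets are zero-filled."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for n, wire_len in enumerate(wire_lengths):
        saved = min(wire_len, snaplen)
        out += struct.pack("<IIII", 1700000000 + n, 0, saved, wire_len) + bytes(saved)
    return out

if __name__ == "__main__":
    # Constructed samples: the same three packets saved with a large and a small
    # snapshot length (65535 is assumed here as the value written for "-s 0").
    for snaplen in (65535, 68):
        print(inspect_pcap(make_pcap(snaplen, 113, [60, 1514, 342])))
```

To check a real capture, pass the bytes of the file, for example `inspect_pcap(open("/path/to/case.cap", "rb").read())`; a non-zero truncated count means payloads are missing from the capture.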