Packet capture on all interfaces

Started by kyferez, November 01, 2018, 07:55:21 PM

November 01, 2018, 07:55:21 PM Last Edit: November 01, 2018, 08:41:59 PM by kyferez
Is there any way to capture packets on OPNsense for multiple interfaces simultaneously, rather than resorting to command line?

TCPdump can select multiple interfaces, but why can we not select multiple interfaces when taking a trace? I'm troubleshooting an issue where I apparently have asynchronous routing on one subnet and it would be far more helpful to capture the two interfaces I suspect rather than one which misses half the data I'm looking for.

EDIT: Also, how do I know if the traffic I'm seeing is the traffic ingress or egress for the VLAN captured?

NetScaler has a cool packet capture format which lets you see the VLAN it came in/went out on, if the packet was Rx or Tx, and more. Sure makes reading their traces easier compared to other network devices.

EDIT 2: What? I attempted to capture VLAN 1 and VLAN 99, simultaneously, using 2 tabs. The traces are identical. Did it lose the 1st capture when I tried to start the 2nd? If so, how do I capture these two interfaces at the same time? :( Do I have to resort to CLI? If so, please consider this my feature request.

Well, I resorted to using TCPdump, which worked, and I fixed my asynchronous route.

Def. would like to see the ability to capture all Interfaces in the GUI in the future, as well as capturing in the NetScaler format for easier parsing of what came in and went out on what Interface/VLAN.

Example of NetScaler (now called ADC) trace extra details in a packet capture which make life far easier when tracing a device with multiple interfaces and VLANs, especially when you add the NIC, VLAN, and Operation (rx/tx) items as columns.

Will add the option in exchange for a feature request. :)

https://github.com/opnsense/core/issues


Cheers,
Franco