Scripting to easily view packet captures on different interfaces

Started by talowicz, Today at 09:01:28 AM

Hello all!

I have been using the packet capture feature in OPNsense for a bit now, but I am tired of having to click through menus and such and was wondering if someone has made a script which automates the downloading of a pcap file from the firewall appliance to the local machine for use in Wireshark and so on. I have my router on its own MGMT VLAN and would ideally like to be able to plug in an ethernet cable, run a command and within a few seconds start seeing traffic in Wireshark from a VLAN specified. If this hasn't already been developed I would like some pointers as to scripting in OPNsense! Maybe what I am looking for is in something like Zenarmor but I have never gotten around to trying it.

All the best :)

If you're using Wireshark on a Linux desktop (not sure about the Windows version) you can use the 'SSH remote capture' option to bring it straight into Wireshark in near real time.

Just to add, the best way I've found to configure the capture in Wireshark:
Server: the appropriate OPNsense interface address.
Authentication: username and private key.
Capture: select 'other' and put a full tcpdump command, e.g. tcpdump -i pppoe0 -w - 'udp port 53 or tcp port 80'
(Use actual device interface names rather than the aliases lan, wan etc.)
Check 'save parameters on capture start'.
HTH
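The same SSH-plus-tcpdump idea driven from a single command on the desktop, as an added example that is not from the thread or from OPNsense itself: the script runs tcpdump on the firewall writing pcap to stdout, streams it over SSH and pipes it into a local Wireshark. The host address, user, key path and interface names are hypothetical placeholders. Two details the reply above leaves implicit are handled here: the alias names lan/wan/optN are rejected up front because tcpdump needs the real device name, and the SSH session carrying the capture is excluded from the filter so the capture does not feed back on itself when the captured interface is the same one the SSH link uses.

```shell
#!/bin/sh
# Added example (not from the forum thread or the OPNsense project):
# stream a live capture from an OPNsense firewall into local Wireshark.
# Assumed placeholders, adjust to your setup:
#   FW_HOST  - management address of the firewall (constructed value)
#   FW_USER  - account allowed to run tcpdump there
#   SSH_KEY  - private key for that account
# Usage: ./fwcap.sh <device-interface> [bpf-filter]
#   e.g. ./fwcap.sh vlan0.20 'udp port 53 or tcp port 80'

FW_HOST="${FW_HOST:-192.0.2.1}"
FW_USER="${FW_USER:-root}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_ed25519}"
SSH_PORT="${SSH_PORT:-22}"

# OPNsense alias names are not device names; tcpdump needs igb1, vlan0.20, ...
is_alias() {
  case "$1" in
    lan|wan|LAN|WAN|opt[0-9]*|OPT[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the remote tcpdump command.
#   -n  no name resolution (no DNS chatter from the capture itself)
#   -U  flush each packet to stdout so Wireshark shows it immediately
#   -w - write pcap to stdout, which SSH carries back to us
# The SSH session to the firewall is excluded so the capture cannot loop
# on its own traffic when the capture interface carries the SSH link.
build_capture_cmd() {
  iface="$1"
  filter="$2"
  base="not (tcp port $SSH_PORT and host $FW_HOST)"
  if [ -n "$filter" ]; then
    printf "tcpdump -ni %s -U -w - '(%s) and %s'" "$iface" "$filter" "$base"
  else
    printf "tcpdump -ni %s -U -w - '%s'" "$iface" "$base"
  fi
}

run_capture() {
  iface="$1"
  filter="$2"
  if [ -z "$iface" ] || is_alias "$iface"; then
    echo "usage: $0 <device-interface> [bpf-filter]  (vlan0.20, igb1 ... not lan/wan)" >&2
    return 2
  fi
  remote_cmd=$(build_capture_cmd "$iface" "$filter")
  # wireshark -k starts capturing at once; -i - reads the pcap stream from stdin.
  ssh -i "$SSH_KEY" -p "$SSH_PORT" "$FW_USER@$FW_HOST" "$remote_cmd" | wireshark -k -i -
}

# Only start a capture when interface arguments were given, so the file
# can also be sourced for its functions without side effects.
if [ "$#" -gt 0 ]; then
  run_capture "$1" "$2"
fi
```

Because the key-based SSH session is the only channel, nothing listens on the firewall beyond sshd, and the filter string is passed through a single quoted argument so a stray shell metacharacter in the BPF expression stays inside tcpdump's argument rather than reaching the remote shell unquoted.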