[SOLVED] tshark on OPNsense?

Started by dpatterson, June 19, 2018, 09:06:13 PM

June 19, 2018, 09:06:13 PM Last Edit: June 20, 2018, 07:35:18 PM by fabian
Is it possible to install tshark on an OPNsense host?
If so, where can I find documentation on how to do so?

TIA,
D.

Why is it needed? tcpdump is already there and it also has a GUI.

Packet Capture/Packet View isn't showing me enough detail.
I need to drill down into the results.

The issue: I have a site-to-site IPsec VPN to a customer site.
Connections to an application at that site no longer work since installing my OPNsense firewall and creating the new VPN.

Packet Capture shows traffic between the hosts in question, but I can't drill down into it to see what's really happening (SYNs, ACKs, etc.).

Exporting the file and opening it in Wireshark was of no use because every packet is just an ENC and I can't drill down into them.

I was hoping that with tshark I could do so with an SSH session to the firewall. Is this incorrect?

Thanks.

So in the end I was able to update Wireshark on my Mac and was then able to properly interpret the tcpdump file from my OPNsense box.

Consider this question closed.

Thanks!