[SOLVED] tshark on OPNsense?

dpatterson · June 19, 2018, 09:06:13 PM

Is it possible to install tshark on an OPNsense host?
If so, where can I find documentation on how to do so.

TIA,
D.

fabian · June 19, 2018, 09:22:56 PM

Why is it needed? tcpdump is already there and it also has a GUI.

dpatterson · June 19, 2018, 09:31:44 PM

Packet Capture/Packet View isn't showing me enough detail.
I need to drill down into the results.

The issue: I have a site-to-site IPsec VPN to a customer site.
Connections to an application at that site no longer work since installing my OPNsense firewall and creating the new VPN.

Packt Capture shows traffic between the hosts in question, but I can't drill down into it to see what's really happening (SYNx, ACKs, etc.)

Exporting the file and opening it in WireShark was of no use because every packet is just an ENC and I can't drill down into them.

I was hoping that with tshark I could do so with an SSH session to the firewall. Is this incorrect?

Thanks.

dpatterson · June 19, 2018, 11:46:14 PM

So in the end I was able to update Wireshark on my Mac and was then able to properly interpret the tcpdump file from my OPNsense box.

Consider this question closed.

Thanks!

[SOLVED] tshark on OPNsense?

dpatterson

June 19, 2018, 09:06:13 PM Last Edit: June 20, 2018, 07:35:18 PM by fabian

fabian

June 19, 2018, 09:22:56 PM #1

dpatterson

June 19, 2018, 09:31:44 PM #2

dpatterson

June 19, 2018, 11:46:14 PM #3