Open GoogleCodeExporter opened 8 years ago
I usually use a bpf filter as: 'vlan or ip ....' which would work on both IP
packets and VLAN tagged packets.
cxtracker works with VLAN tagged packets, but does not atm. give any output
about what VLAN it sees traffic on. It's on a TODO, but not yet prioritized.
Original comment by edwardfj...@gmail.com
on 29 Aug 2011 at 5:09
I could manually use a filter.
I was testing using the web interface. When I log in and do 'sessions ->
search' it shows me my session, but clicking on them generates a 24 byte pcap.
This is because when you use 'tcpdump -r <file> host <ip>' you have to give a
vlan if the pcap contains vlans. It looks to me like a bug in tcpdump since
'tcpdump -i eth0 host <ip>' does work.
It's not that big of a bug, but just in case... ;-)
Original comment by roe...@gmail.com
on 29 Aug 2011 at 3:04
In cxtracker commit c2a87c6649f2b526237bafe37fabd08e8a2aaa46 I added support
for the vlan in the output with -f "%vln". The whole OpenFPC stack needs to
take this into account for it to work though :)
Original comment by edwardfj...@gmail.com
on 26 Feb 2012 at 9:04
Also difficult to make snorby work using the extract.cgi with vlan pcaps. Any
tip or workaround? Thanks
Original comment by agustin....@globant.com
on 25 Jun 2013 at 4:15
Hey, I had the same problem and I edited the OPFC/Common.pm file to get filtering
on vlan too.
I edited the called commands on tcpdump to look like this:
    # Quote the filter so the shell does not interpret the parentheses
    my $exec="$config{'TCPDUMP'} -r $_ -w $filename '$bpf or (vlan and $bpf)' > /dev/null 2>&1";
    $exec="$config{'TCPDUMP'} -r $_ -w $filename '$bpf or (vlan and $bpf)'" if ($vdebug) ; # Show tcpdump o/p if debug is on
This is in the doExtract function...
Original comment by bruno90
on 24 Jan 2014 at 3:14
Original issue reported on code.google.com by
roe...@gmail.com
on 26 Aug 2011 at 8:41
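
Added example (not code from OpenFPC, cxtracker or any poster in this thread): a Python model of why a plain 'host <ip>' filter extracts nothing from an 802.1Q-tagged pcap, leaving only the 24-byte pcap file header, and why the '$bpf or (vlan and $bpf)' form matches both cases. The frames are constructed sample data, the function names are hypothetical, and vlan_aware_bpf adds parentheses around the base filter, which goes slightly beyond the workaround quoted above.

```python
import struct

ETH_IPV4, ETH_8021Q = 0x0800, 0x8100

def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def frame(src_ip, dst_ip, vlan_id=None):
    """Constructed Ethernet + IPv4 header, optionally with one 802.1Q tag."""
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    return bytes(12) + tag + struct.pack("!H", ETH_IPV4) + ip  # zeroed MACs

def match_host(pkt, ip, l2_shift=0):
    """Model of a compiled 'host <ip>': fixed offsets into the frame."""
    (ethertype,) = struct.unpack_from("!H", pkt, 12 + l2_shift)
    if ethertype != ETH_IPV4:
        return False
    src = pkt[26 + l2_shift:30 + l2_shift]
    dst = pkt[30 + l2_shift:34 + l2_shift]
    return ip_bytes(ip) in (src, dst)

def match_vlan(pkt):
    """Model of 'vlan': the outer ethertype is 802.1Q."""
    return struct.unpack_from("!H", pkt, 12)[0] == ETH_8021Q

def match_plain(pkt, ip):
    return match_host(pkt, ip)

def match_vlan_aware(pkt, ip):
    # After 'vlan', the rest of the expression is decoded 4 bytes further in,
    # so the untagged clause has to come first.
    return match_host(pkt, ip) or (match_vlan(pkt) and match_host(pkt, ip, 4))

def vlan_aware_bpf(bpf):
    """Filter string matching untagged and single-tagged traffic."""
    return f"({bpf}) or (vlan and ({bpf}))"

def extract(packets, matcher, ip):
    return [p for p in packets if matcher(p, ip)]

# Constructed capture: one untagged and two VLAN 100 frames.
SAMPLE = [frame("10.0.0.5", "10.0.0.9"),
          frame("10.0.0.5", "10.0.0.9", vlan_id=100),
          frame("192.168.1.1", "192.168.1.2", vlan_id=100)]

if __name__ == "__main__":
    print(len(extract(SAMPLE, match_plain, "10.0.0.5")),
          len(extract(SAMPLE, match_vlan_aware, "10.0.0.5")))
    print(vlan_aware_bpf("host 10.0.0.5"))
```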