How to capture packets on WAN Port via SSH and Download it

Hello, how can I capture packets on WAN or LAN Port via SSH?

I already checked this site, but how can I monitor only WAN or LAN Port? https://support.sophos.com/support/s/article/KB-000037007?language=en_US

Thanks!



  • Hello,

    You can use "tcpdump -i Port1 -w file.pcap", where Port1 is the Hardware Interface you want to do the packet capture on. You can check the Interfaces with "ip a", and over the Web UI.

    After the packet capture, the file will be located in the /tmp folder; in the example above it will be located at "/tmp/file.pcap".

    You will be able to get the file from the firewall with scp; an example would be: "scp admin@10.0.0.1:/tmp/file.pcap .". You should change the IPv4 Address to the one of your Firewall.

    Thanks!

  • PS: You need to use -b in SFOS to write the file.

    tcpdump -ni Port1 -w /tmp/file.pcap -b 

    And you can use PSCP or tools like MobaXterm to download the file. 
