
tcpdump to file with larger snapsize

Hi,

Is there any possibility to capture a tcpdump with large snapsize to file? tcpdump on the advanced shell refuses the option "-w" to write to file. The "tcpdump filedump" does not capture with an adequate snapsize.

We upgraded to v17 on the weekend and now our PPTP VPN is broken. It seems something has changed concerning the username in RADIUS Authentication. We discovered that the Sophos does convert the username to lowercase. To produce output we'd like to dump the pptp/ppp and RADIUS traffic. With the default snapsize of something like 64 bytes we lose the username in the RADIUS Access-Request packet.

The Microsoft NPS refuses "PNeumann" but allows "pneumann" although both of them get converted to lowercase in the Sophos. So something has to be different in the RADIUS Accept Request.

Flo



This thread was automatically locked due to age.
  • As the normal "-w" causes an "Operation now allowed" (what an annoyance on Sophos's behalf) I tried finding a loophole and found one.

    On the console one can issue a "tcpdump <filter> filedump". It seems it starts tcpdump in the background and one can abuse the filter term to smuggle in other tcpdump options.

    tcpdump 'port 1812 or port 1723 -s 1500' filedump


    Works - So there is missing input parameter sanitization going on. All in all compared to e.g. Juniper SRX the Sophos XG makes it pretty hard for an admin to do debugging.

    Flo
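
How a capture wrapper can keep tcpdump options out of the filter term, as an added example that is not part of the original thread and is not Sophos code. It assumes a wrapper that expands the filter unquoted; `show_argv`, `build_weak`, `build_hardened` and `OUTFILE` are hypothetical names, and the script only prints the argv it would pass to tcpdump.

```shell
#!/bin/sh
# Hypothetical capture wrapper, not Sophos code. It prints the argv it would
# pass to tcpdump (one argument per line) instead of running tcpdump.
OUTFILE=/tmp/capture.pcap   # constructed path

show_argv() { for a in "$@"; do printf '%s\n' "$a"; done; }

# Weak: unquoted expansion splits the filter into words, so "-s 1500"
# arrives as a separate option and value.
build_weak() {
    show_argv tcpdump -w "$OUTFILE" $1
}

# Hardened: snap length is its own validated parameter, option-like words in
# the filter are refused, and the filter is one argument placed after "--".
build_hardened() {
    filter=$1
    snaplen=${2:-1500}
    case $snaplen in
        ''|*[!0-9]*) echo "rejected: snaplen must be a number" >&2; return 1 ;;
    esac
    set -f                          # no globbing while inspecting the words
    for word in $filter; do
        case $word in
            -[A-Za-z]*|--*)
                set +f
                echo "rejected: option-like word '$word' in filter" >&2
                return 1 ;;
        esac
    done
    set +f
    show_argv tcpdump -s "$snaplen" -w "$OUTFILE" -- "$filter"
}

# Constructed demo input: the filter string from the post above.
DEMO='port 1812 or port 1723 -s 1500'
build_weak "$DEMO"
build_hardened "$DEMO" || echo "hardened wrapper refused the filter"
build_hardened 'port 1812 or port 1723' 1500
```

Exposing the snap length as its own numeric parameter gives the admin the larger capture size without any need to put options into the filter.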