Packet capture (tcpdump)
Quote from mpachmann on 30 August 2022, 8:16
https://support.sophos.com/support/s/article/KB-000038909?language=en_US
Product and Environment
Sophos UTM
Capturing packets and downloading the packet capture
- Sign in as root to the CLI of the Sophos UTM using PuTTY.
- If traffic needs to be captured for a specific host, run the following command:
tcpdump -nei any host x.x.x.x -n -s0 -w /var/sec/chroot-httpd/var/webadmin/tcpdump.pcap
If traffic needs to be captured for a specific port, run the following command:
tcpdump -nei any port <portnumber> -n -s0 -w /var/sec/chroot-httpd/var/webadmin/tcpdump.pcap
- Recreate the issue to capture packets. After recreating the issue, press the Ctrl + C key combination to stop the packet capture.
- Go to a web browser and download the packet capture file from the following path:
https://<UTM IP:Port>/tcpdump.pcap
- Go back to the Advanced Shell of the UTM and then run the following command.
Note: It is important to run this command before closing the PuTTY session.
cd /var/sec/chroot-httpd/var/webadmin/
rm tcpdump.pcap
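The steps above write the capture into the WebAdmin web root so it can be fetched over HTTPS, which is also why the KB insists on deleting it before the session ends: the file stays downloadable from the WebAdmin port until it is removed. The following script is an added example and is not part of the Sophos KB or of mpachmann's post. It wraps the same procedure so that the filter value is validated before it reaches the tcpdump command line, the capture is stopped by pressing Enter instead of Ctrl+C (so an EXIT trap can do the cleanup without being tripped mid-capture), and the pcap is removed even if the session is dropped. The capture directory, file name, tcpdump flags and download URL pattern are the KB's; the function names, the input validation, the background/trap handling and the `tcpdump_pid` variable are this example's own assumptions.

```shell
#!/bin/sh
# Added example wrapping the Sophos KB capture procedure (not Sophos code).
# Path and file name come from the KB article; everything else is assumed.

CAPTURE_DIR="/var/sec/chroot-httpd/var/webadmin"   # served by WebAdmin (KB)
CAPTURE_FILE="tcpdump.pcap"                         # file name used in the KB

# Build the tcpdump command line for a "host" or "port" filter.
# The value is checked first so that only an IPv4 address or a port
# number can ever be spliced into the command string.
# Usage: build_capture_cmd host 10.0.0.5   or   build_capture_cmd port 443
build_capture_cmd() {
  kind="$1"; value="$2"
  case "$kind" in
    host)
      printf '%s' "$value" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1 ;;
    port)
      printf '%s' "$value" | grep -Eq '^[0-9]{1,5}$' || return 1
      [ "$value" -le 65535 ] || return 1 ;;
    *) return 1 ;;
  esac
  printf 'tcpdump -nei any %s %s -s0 -w %s/%s\n' \
    "$kind" "$value" "$CAPTURE_DIR" "$CAPTURE_FILE"
}

# Remove the capture from the WebAdmin directory and confirm it is gone.
# Takes an optional directory so the cleanup can be exercised on a temp dir.
cleanup_capture() {
  dir="${1:-$CAPTURE_DIR}"
  rm -f "$dir/$CAPTURE_FILE"
  [ ! -e "$dir/$CAPTURE_FILE" ]
}

# Full procedure: start capture, wait for the operator, stop it, wait for
# the download, then delete. The EXIT trap covers a dropped PuTTY session.
run_capture() {
  cmd=$(build_capture_cmd "$1" "$2") || { echo "rejected filter: $1 $2" >&2; return 1; }
  trap cleanup_capture EXIT
  echo "Starting: $cmd"
  sh -c "exec $cmd" &
  tcpdump_pid=$!
  echo "Reproduce the issue now, then press Enter to stop the capture."
  read -r _
  kill -INT "$tcpdump_pid" 2>/dev/null
  wait "$tcpdump_pid" 2>/dev/null || true
  echo "Download https://<UTM IP:Port>/$CAPTURE_FILE now, then press Enter to delete it."
  read -r _
  cleanup_capture && echo "Capture removed from $CAPTURE_DIR."
}

# On the UTM: sh capture.sh host 10.0.0.5   or   sh capture.sh port 443
if [ $# -ge 2 ]; then
  run_capture "$1" "$2"
fi
```

Stopping tcpdump with a signal from the script rather than with Ctrl+C matters because Ctrl+C is delivered to the whole foreground process group, including the wrapper shell, which would fire the cleanup trap and delete the pcap before it could be downloaded.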