|
||||||||
I wouldn't suggest this on a production box, but if you're desperate (temporarily), and you have access to Freebsd4.x executables, and you use a good filter, you can do something like this: From exec browser window: http://192.168.1.1/exec.php Upload tcpdump Upload /usr/lib/libpcap.so.2 mv /tmp/libpcap.so.2 /usr/lib chmod 644 /usr/lib/libpcap.so.2 chmod 755 /tmp/tcpdump /tmp/tcpdump -i {interface} -f 'ether host 00:05:43:45:40:61' You'll have to open another http://191.168.1.1/exec.php and run killall tcpdump to get rid of it. bernie -----Original Message----- From: Jeroen Visser [mailto:monowall at forty dash two dot nl] Sent: Thursday, April 27, 2006 3:18 PM To: Robert Rich; m0n0wall at lists dot m0n0 dot ch Subject: Re: [m0n0wall] possibility of sniffing from m0n0 (WRAP)? Hi, Recently I had the same problem. Fiddling around with the MTU size on the wan interface fixed it for me. It was another site though. Capturing on the m0n0wall itself is not possible as far as I know. Setting up rules to monitor connections in the log is as far a m0n0wall goes. Remember to set up a syslog box somewhere, be prepared for quite a lot of loglines. ;-) Gr, Jeroen. On Thu, 27 Apr 2006 09:53:25 -0400, Robert Rich wrote > Hi, > > I'm having a problem getting to https://www.gotomeeting.com from > behind my m0n0 box (1.21 on WRAP). The connection starts to pass > through (i get an HTML title in my browser), but then hangs. This > happens on every OS and hardware box that i have. > > Is it possible to do a packet capture on the m0n0 box itself? I don't > have a hub/spannable switch to sniff the WAN segment, so i can't see > what's coming in to m0n0 to compare with what i'm seeing on the LAN > side... I would only need to capture a few dozen frames. |