 From:  "Bernie O'Connor" <Bernie dot OConnor at sas dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] possibility of sniffing from m0n0 (WRAP)?
 Date:  Fri, 28 Apr 2006 09:18:24 -0400
I wouldn't suggest this on a production box, but if you're desperate (temporarily), and you have
access to FreeBSD 4.x executables, and you use a good filter, you can do something like this:

From exec browser window: http://192.168.1.1/exec.php
Upload tcpdump
Upload /usr/lib/libpcap.so.2
mv /tmp/libpcap.so.2 /usr/lib
chmod 644 /usr/lib/libpcap.so.2
chmod 755 /tmp/tcpdump

/tmp/tcpdump -i {interface} -f 'ether host 00:05:43:45:40:61'

You'll have to open another http://191.168.1.1/exec.php 
	and run killall tcpdump to get rid of it.

bernie
-----Original Message-----
From: Jeroen Visser [mailto:monowall at forty dash two dot nl] 
Sent: Thursday, April 27, 2006 3:18 PM
To: Robert Rich; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] possibility of sniffing from m0n0 (WRAP)?

Hi,

Recently I had the same problem. Fiddling around with the MTU size on the wan interface fixed it for
me. It was another site though.

Capturing on the m0n0wall itself is not possible as far as I know. Setting up rules to monitor
connections in the log is as far as m0n0wall goes. Remember to set up a syslog box somewhere, be
prepared for quite a lot of loglines. ;-)

Gr,
Jeroen.


On Thu, 27 Apr 2006 09:53:25 -0400, Robert Rich wrote
> Hi,
> 
> I'm having a problem getting to https://www.gotomeeting.com from 
> behind my m0n0 box (1.21 on WRAP).  The connection starts to pass 
> through (i get an HTML title in my browser), but then hangs.  This 
> happens on every OS and hardware box that i have.
> 
> Is it possible to do a packet capture on the m0n0 box itself?  I don't 
> have a hub/spannable switch to sniff the WAN segment, so i can't see 
> what's coming in to m0n0 to compare with what i'm seeing on the LAN 
> side...  I would only need to capture a few dozen frames.