Little graphical revisions on old posts

Signed-off-by: Ettore <noettore@gmail.com>
2019-08-21 21:35:59 +02:00
parent e47e8eb7a0
commit b2ed27fe05
2 changed files with 12 additions and 2 deletions

@@ -1,19 +1,25 @@
---
title: "EdgeRouter Wireshark capture"
tags: ["edgerouter", "wireshark", "networking", "tcpdump"]
categories: ["recipe"]
categories: ["recipe", "troubleshooting"]
description: "How to capture and inspect packet flow in an EdgeRouter with Wireshark"
date: 2019-07-16T01:20:50+02:00
author: "Ettore Dreucci"
draft: false
---
## [[recipe]({{< ref "/categories/recipe" >}})]: How to capture and inspect packet flow in an EdgeRouter with Wireshark
## [[recipe]({{< ref "/categories/recipe" >}}), [troubleshooting]({{< ref "/categories/troubleshooting" >}})]: How to capture and inspect packet flow in an EdgeRouter with Wireshark
### Background
Some days ago I was troubleshooting a “slowness” issue on a procedure in a proprietary accounting software. Such procedure needs to connect with a remote server that holds some invoices, then check which of those are already synched and download the others. Mind that **an invoice takes only a handful kB** and there were **no more than a few hundreds** to check against so even with a mediocre uplink that should have taken hardly a minute. **Too bad it required more or less twenty minutes to complete.**
So here I am, trying to al least to narrow the amount of possible causes: maybe a local networking issue or a routing issue? To check against those possibilities I needed to capture and inspect in real time the packet flow in and out of the EdgeRouter. Luckily Ubiquiti gears all run on Linux so you can use all the handy tools like `tcpdump`!
### Network traffic analysis
#### with a *nix workstation
Now, assuming that an SSH access is already configured and available to the EdgeRouter we can use `tcpdump`, piping and Wireshark to capture the traffic:
```
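Review bot: the category links hand-written into the new `##` heading (`[recipe](...), [troubleshooting](...)`) duplicate the front-matter entry `categories: ["recipe", "troubleshooting"]`, so the list now has to be kept in sync in two places and can drift. Consider rendering the category links from the front matter in the layout or a shortcode rather than in the post body. Since this commit is a cleanup pass, the Background paragraph could also be fixed here: "trying to al least to narrow" should read "trying at least to narrow", and the code fence opened after "capture the traffic:" carries no language tag.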
@@ -32,6 +38,8 @@ Lets walk through the various option:
- `-k` start capturing immediately
- `-i -` set the capture interface to the standard input
#### with a Windows workstation
If instead of a unix machine you have to use a Windows OS you could use the [`plink`](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) utility to establish an ssh connection:
```
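Review bot: the section text around this hunk still reads "Lets walk through the various option" (hunk header context), which should be "Let's walk through the various options", and the Windows paragraph writes "ssh" and "unix" in lowercase while the earlier section uses "SSH". The `plink` link also points at the generic PuTTY `latest.html` download page; say so in the link text or the sentence so readers know they are fetching it from the PuTTY distribution. The fence that opens after this paragraph has no language tag either.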

@@ -6,6 +6,8 @@ date: "2016-03-13T01:18:27+01:00"
draft: false
---
## [[recipe]({{< ref "/categories/recipe" >}})]: Wireless Monitor Mode and Network-Manager
Sometimes it could be usefull to capture Wireless Lan packets: it could be done in various ways, with iwconfig, Kismet, Wireshark, nprobe and many others, all of them involving putting the wireless card into "monitor mode" (or promiscous), letting you view and record all packets sent on a defined channel by others WiFi devices nearby.
One of the tools almost every linux distro provides you is [`iw`](https://wireless.wiki.kernel.org/en/users/documentation/iw), meant to replace `iwconfig` being more powerful for configuring wireless devices.
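Review bot: in the intro paragraph, `"monitor mode" (or promiscous)` presents monitor mode and promiscuous mode as the same thing, but they are distinct: promiscuous mode passes up all frames on the network the card is associated with, while monitor mode captures raw 802.11 frames on a channel without associating. Suggest dropping the parenthetical or stating the difference. The same paragraph has spelling issues worth fixing in a cleanup commit: "usefull", "promiscous", "Wireless Lan", and "others WiFi devices".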