Might anyone be able to help me understand running tcpdump using the Igel registry settings? I’m familiar with tcpdump in general. However, why does the thin client have multiple tcpdump files that update simultaneously? Normally, if I’m using tcpdump and set it to rotate logs, it will update only one at a time. I see that one can set the number of rotate files in the Igel registry, but I thought that would be how many historical rotation files it would keep, not how many it would update simultaneously.
I didn’t used it since months tbh. I guess you are using the debuglog partition, right? Which firmware are you on?
Yes, it’s writing to debuglog, and I’m using firmware 11.04.264.
I needed to enable just tcpdump0 instead of tcpdump%. However, the filters are still not working. They work fine if I run it manually in a terminal, but not in the Igel settings. For example, this works fine: tcpdump -pni eth0 -C 50 -z gzip -W 8 -w /tmp/tcpdump.pcap port not 22 host not 192.168.1.1. However, if I put ‘port not 22 and host not 192.168.1.1’ in the Igel tcpdump filter field, it doesn’t filter.
Regarding the filter, I needed to enclose it in single quotation marks (double quotation marks did not work).
Continue reading and comment on the thread ‘Help me understand running tcpdump using the IGEL registry settings?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!