Is anyone familiar with tcpdump filters in the Igel registry? I tested a filter that works fine with the tcpdump command on a thin client (with single quotation marks around it), but when I put it in the registry, it doesn’t work. This is basically what it looks like: not ( (port 22 or 1494 or 2598 or 8443 or 9080 or 30001 or 30002 or 30005 or 61616) or (net 192.168.1 or 192.175.1 or 10.141) ). Tcpdump is working, but the files are growing much more quickly than I would like.
Are you using the debug partition (System,Registry,Debug) or another way?
maybe you just need the header, no payload, there’s a check box for it in the place you enable tcpdump
I’m using the debug partition.
I like the idea of getting just the header; I’ll ask whether that will suffice. Still, I would like to figure out how to make the filter work. 🙂
Did you tried to „ps“ the tcpdump process and see if the parameters provided by Registry are applied?
I don’t see the filter in the command line. It is using .xz for compression as I specified, though of course that is a separate parameter. The filter is in group.ini.
On a side note, I needed to add this custom command for tcpdump to work at all; otherwise, apparmor prevented it from running:
/bin/sed -i “37i /debuglog/* rw,” /etc/apparmor.d/usr.sbin.tcpdump
/bin/cat /etc/apparmor.d/usr.sbin.tcpdump | /sbin/apparmor_parser -r
On apparmor: Did you tried to disable it in Registry: System,Security,apparmor first?
I suppose that would have worked, but I wanted to have a try at seeing whether I could configure it to work without disabling anything. 🙂
Are there any more ideas for making the filter work? I’m wondering whether it’s just some complication or conflict in parsing it from group.ini into the actual command. I was reading /config/bin/tcpdump_config, which is what it seems to run to generate the tcpdump command, but haven’t figured it out yet. I can open a ticket if I need to.
That was my first thought, yes. I was hoping to see something in your ps. I‘m not in the office until monday, I will check then!
Continue reading and comment on the thread ‘Is anyone familiar with tcpdump filters in the IGEL OS Registry? ‘. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to Install IGEL OS via a Bootable USB Drive
- How to change the default IGEL UMS admin password?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?
- Citrix connection via Netscaler Error: “AM_ERROR_AUTH_NETWORK_ERROR” on IGEL OS
- IGEL UMS Universal Update Error: “could not resolve host name”
- Error connecting to Citrix StoreFront “Error adding store: Http error”