PG1X WIKI

My Knowledge Base

User Tools

Site Tools


tech:network:cml:2.0:how-to-packet-capture-with-wireshark:how-to-packet-capture-with-wireshark

Wireshark Packet Capture on CML 2.0 Personal (CML-P)

hmm…. this default behavior not acceptable…

CML-P Packet Capture Log

start capture

Login to cockpit.

https://cml-controller.pg1x.net:9090/

start openssh service. It listen on port 1122/tcp.

Logout cockpit terminal

I want to login CML over SSH because copy and paste commands, password for convenience.

SSH to CML port 1122.

[lasthope@cml-controller ~]$ sudo -E -s
[sudo] password for lasthope:
[root@cml-controller lasthope]# ls -l /var/tmp/
total 4
drwx------. 3 root  root    17 Jul 21 22:04 systemd-private-e0d2806cf62a4aec843a079c99ca68f5-chronyd.service-LZkreZ
drwx------. 3 root  root    17 Jul 21 22:04 systemd-private-e0d2806cf62a4aec843a079c99ca68f5-nginx.service-d0x1cV
drwx------. 3 root  root    17 Jul 21 22:17 systemd-private-e0d2806cf62a4aec843a079c99ca68f5-timedatex.service-Gc74sK
-rw-------. 1 virl2 virl2 1268 Jul 23 08:18 wireshark_-_20200723081835_uxIfL5.pcapng

on Windows

cmd

then

"%PROGRAMFILES(x86)%\Nmap\ncat.exe" -l 20000 | "%PROGRAMFILES%\Wireshark\Wireshark.exe" -ki -

open port 20000/tcp

on CML 2.0

sudo tail -f /var/tmp/wireshark_-_20200723081835_uxIfL5.pcapng -n +1 | nc 10.0.255.8 20000

hmm… not working… stop try to live capture, then, I manually copy pcapng file and download by SCP…

Cisco Modeling Labs 2.0 Release Notes

The API documentation is included with the product itself. For more information about the client library, visit the client library's PyPi page.

virl2-client · PyPI

Usage The package itself is fairly well documented using docstrings. In addition, the documentation is available in HTML format on the controller itself, via the “Tools → Client Library” menu.

Swagger UI in Your CML

https://cml-controller.cml.lab/api/v0/ui/

tail -f /var/log/nginx/access.log | fgrep -v --line-buffered system_stats | fgrep -v --line-buffered -v simulation_stats
[root@cml-controller lasthope]# tail -f /var/log/nginx/access.log | fgrep -v --line-buffered system_stats
10.0.255.8 - - [23/Jul/2020:22:49:43 +0000] "GET /api/v0/ui/ HTTP/2.0" 200 646 "https://cml-controller.pg1x.net/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" "-"
10.0.255.8 - - [23/Jul/2020:22:49:43 +0000] "GET /api/v0/openapi.json HTTP/2.0" 200 17751 "https://cml-controller.pg1x.net/api/v0/ui/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" "-"
10.0.255.8 - - [23/Jul/2020:22:50:09 +0000] "GET /ws/dispatch/frontend/console?uuid=f1c33684-b6de-4d30-941f-673489e83ab8 HTTP/1.1" 101 401357 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:50:09 +0000] "GET /ws/dispatch/frontend/console?uuid=c7f92fde-297f-4a6d-9876-41cf3e97d243 HTTP/1.1" 101 417216 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:50:09 +0000] "GET /ws/dispatch/frontend/console?uuid=5bee159c-ab31-4215-9c7d-6cc219d2a782 HTTP/1.1" 101 415110 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:50:09 +0000] "GET /ws/dispatch/frontend/console?uuid=38ef5f89-fe81-4246-9a26-ed9a5c74d94f HTTP/1.1" 101 422327 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:50:09 +0000] "GET /ws/dispatch/frontend/console?uuid=5c0f3f05-1390-4d59-8d47-29040afd8c30 HTTP/1.1" 101 627 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:50:57 +0000] "GET /api/v0/system_information HTTP/1.1" 200 45 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/keys/vnc HTTP/1.1" 401 104 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/keys/console HTTP/1.1" 401 104 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "POST /api/v0/authenticate HTTP/1.1" 200 177 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/simplified_node_definitions HTTP/1.1" 401 104 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/keys/vnc HTTP/1.1" 200 2 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/keys/console HTTP/1.1" 200 1272 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "POST /api/v0/authenticate HTTP/1.1" 200 177 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/simplified_node_definitions HTTP/1.1" 200 32348 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs HTTP/1.1" 200 50 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2 HTTP/1.1" 200 753 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/cdaea0 HTTP/1.1" 200 173 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/afc5ff HTTP/1.1" 200 422 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/7e6dbd HTTP/1.1" 200 622 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2/nodes HTTP/1.1" 200 42 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2/nodes/n4?simplified=true HTTP/1.1" 200 234 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2/nodes/n2?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2/nodes/n0?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2/nodes/n3?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:03 +0000] "GET /api/v0/labs/9fa2d2/nodes/n1?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:10 +0000] "GET /api/v0/labs/9fa2d2/nodes/n0/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:10 +0000] "GET /api/v0/labs/9fa2d2/nodes/n1/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:10 +0000] "GET /api/v0/labs/9fa2d2/nodes/n2/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:10 +0000] "GET /api/v0/labs/9fa2d2/nodes/n3/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:22:51:10 +0000] "GET /api/v0/labs/9fa2d2/nodes/n4/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
[root@cml-controller lasthope]# tail -f /var/log/nginx/access.log | fgrep -v --line-buffered system_stats | fgrep -v --line-buffered -v simulation_stats
10.0.255.8 - - [23/Jul/2020:23:07:13 +0000] "GET /ws/dispatch/frontend/console?uuid=5bee159c-ab31-4215-9c7d-6cc219d2a782 HTTP/1.1" 101 437 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:13 +0000] "GET /ws/dispatch/frontend/console?uuid=c7f92fde-297f-4a6d-9876-41cf3e97d243 HTTP/1.1" 101 437 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:13 +0000] "GET /ws/dispatch/frontend/console?uuid=5c0f3f05-1390-4d59-8d47-29040afd8c30 HTTP/1.1" 101 2668 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:13 +0000] "GET /ws/dispatch/frontend/console?uuid=f1c33684-b6de-4d30-941f-673489e83ab8 HTTP/1.1" 101 437 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:13 +0000] "GET /ws/dispatch/frontend/console?uuid=38ef5f89-fe81-4246-9a26-ed9a5c74d94f HTTP/1.1" 101 437 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:48 +0000] "GET /api/v0/system_information HTTP/1.1" 200 45 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/simplified_node_definitions HTTP/1.1" 401 104 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/keys/vnc HTTP/1.1" 401 104 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/keys/console HTTP/1.1" 401 104 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "POST /api/v0/authenticate HTTP/1.1" 200 177 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/simplified_node_definitions HTTP/1.1" 200 32348 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/keys/console HTTP/1.1" 200 1272 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/keys/vnc HTTP/1.1" 200 2 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs HTTP/1.1" 200 50 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/cdaea0 HTTP/1.1" 200 173 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2 HTTP/1.1" 200 753 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/7e6dbd HTTP/1.1" 200 622 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/afc5ff HTTP/1.1" 200 422 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2/nodes HTTP/1.1" 200 42 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2/nodes/n0?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2/nodes/n4?simplified=true HTTP/1.1" 200 234 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2/nodes/n2?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2/nodes/n1?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:50 +0000] "GET /api/v0/labs/9fa2d2/nodes/n3?simplified=true HTTP/1.1" 200 236 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:57 +0000] "GET /api/v0/system_information HTTP/1.1" 200 45 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:58 +0000] "GET /api/v0/labs/9fa2d2/nodes/n0/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:58 +0000] "GET /api/v0/labs/9fa2d2/nodes/n1/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:58 +0000] "GET /api/v0/labs/9fa2d2/nodes/n2/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:58 +0000] "GET /api/v0/labs/9fa2d2/nodes/n3/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"
10.0.255.8 - - [23/Jul/2020:23:07:58 +0000] "GET /api/v0/labs/9fa2d2/nodes/n4/keys/console?line=0 HTTP/1.1" 200 38 "-" "Go-http-client/1.1" "-"

セッションキーをエクスポートし、秘密鍵を共有することなくWireshark でSSL/TLS 通信を複合

register publickey by cockpit and allow no password sudo

sudo

sudo: no tty present and no askpass program specified
cat <<EOF | sudo tee /etc/sudoers.d/lasthope
lasthope ALL=(ALL) NOPASSWD: /bin/tail, /bin/ls, /usr/bin/less, /usr/bin/cat, /usr/bin/vi
EOF
sudo chmod 644 /etc/sudoers.d/lasthope
[root@cml-controller lasthope]# ls -laZ /etc/sudoers.d/
total 16
drwxr-x---.   2 root root system_u:object_r:etc_t:s0   24 Apr 13 22:00 .
drwxr-xr-x. 102 root root system_u:object_r:etc_t:s0 8192 Jul 21 22:04 ..
-rw-r--r--.   1 root root system_u:object_r:etc_t:s0   61 Apr  8 19:39 virl2-sudo
[root@cml-controller lasthope]# cat /etc/sudoers.d/virl2-sudo
virl2  ALL=NOPASSWD: /bin/tar, /usr/sbin/sysctl, /usr/bin/rm
[root@cml-controller lasthope]# which tail
/bin/tail
[root@cml-controller lasthope]# cat <<EOF | sudo tee /etc/sudoers.d/lasthope
> lasthope ALL=(ALL) NOPASSWD: /bin/tail
> EOF
lasthope ALL=(ALL) NOPASSWD: /bin/tail
[root@cml-controller lasthope]# sudo chmod 644 /etc/sudoers.d/lasthope
[root@cml-controller lasthope]# ls -laZ /etc/sudoers.d/
total 20
drwxr-x---.   2 root root system_u:object_r:etc_t:s0       40 Jul 24 01:29 .
drwxr-xr-x. 102 root root system_u:object_r:etc_t:s0     8192 Jul 21 22:04 ..
-rw-r--r--.   1 root root unconfined_u:object_r:etc_t:s0   39 Jul 24 01:29 lasthope
-rw-r--r--.   1 root root system_u:object_r:etc_t:s0       61 Apr  8 19:39 virl2-sudo
restorecon -RFv /etc/sudoers.d/lasthope
[root@cml-controller lasthope]# restorecon -v /etc/sudoers.d/lasthope
[root@cml-controller lasthope]# ls -laZ /etc/sudoers.d/
total 20
drwxr-x---.   2 root root system_u:object_r:etc_t:s0       40 Jul 24 01:29 .
drwxr-xr-x. 102 root root system_u:object_r:etc_t:s0     8192 Jul 21 22:04 ..
-rw-r--r--.   1 root root unconfined_u:object_r:etc_t:s0   39 Jul 24 01:29 lasthope
-rw-r--r--.   1 root root system_u:object_r:etc_t:s0       61 Apr  8 19:39 virl2-sudo
[root@cml-controller lasthope]# restorecon -RFv /etc/sudoers.d/lasthope
Relabeled /etc/sudoers.d/lasthope from unconfined_u:object_r:etc_t:s0 to system_u:object_r:etc_t:s0
[root@cml-controller lasthope]# ls -laZ /etc/sudoers.d/
total 20
drwxr-x---.   2 root root system_u:object_r:etc_t:s0   40 Jul 24 01:29 .
drwxr-xr-x. 102 root root system_u:object_r:etc_t:s0 8192 Jul 21 22:04 ..
-rw-r--r--.   1 root root system_u:object_r:etc_t:s0   39 Jul 24 01:29 lasthope
-rw-r--r--.   1 root root system_u:object_r:etc_t:s0   61 Apr  8 19:39 virl2-sudo

Remote capture via ssh and pipe - Wireshark Q&A

---------------------------

---------------------------
Data written to the pipe is neither in a supported pcap format nor in pcapng format.
---------------------------
Please report this to the developers of the program writing to the pipe.
---------------------------
OK   
---------------------------

Data written to the pipe is neither in a supported pcap format nor in pcapng format - Ask Wireshark

C:\Users\wnoguchi\Documents\projects\networking\cisco\cml\2.0\toybox>"%PLINK_PATH%" -V
plink: Release 0.73
Build platform: 64-bit x86 Windows
Compiler: clang 7.0.0 (tags/RELEASE_700/final), emulating Visual Studio 2013 (12.0), _MSC_VER=1800
Source commit: 745ed3ad3beaf52fc623827e770b3a068b238dd5

install 0.74

C:\Users\wnoguchi\Documents\projects\networking\cisco\cml\2.0\toybox>"%PLINK_PATH%" -V
plink: Release 0.74
Build platform: 64-bit x86 Windows
Compiler: clang 11.0.0 (https://github.com/llvm/llvm-project/ bc15bf66dcca76cc06fe71fca35b74dc4d521021), emulating Visual Studio 2013 (12.0), _MSC_VER=1800
Source commit: 014d4fb151369f255b3debed7d15a154fd9036f5

not works…

download plink binary only

snapshot version

C:\Users\wnoguchi\Documents\projects\networking\cisco\cml\2.0\toybox>"C:\Users\wnoguchi\Downloads\plink.exe" -V
plink: Development snapshot 2020-06-28.2762a20
Build platform: 64-bit x86 Windows
Compiler: clang 11.0.0 (https://github.com/llvm/llvm-project/ bc15bf66dcca76cc06fe71fca35b74dc4d521021), emulating Visual Studio 2013 (12.0), _MSC_VER=1800
Source commit: 2762a2025f094bf8ccb75c0bdd7c655bc953f2f1

not works…

0.70 with vulnerable…

C:\Users\wnoguchi\Documents\projects\networking\cisco\cml\2.0\toybox>"C:\Users\wnoguchi\Downloads\plink.exe" -V
plink: Release 0.70
Build platform: 64-bit Windows
Compiler: clang 5.0.0 (http://llvm.org/git/clang.git dba970f4d143480b964f77b363ec23f22cea0390) (http://llvm.org/git/llvm.git 52ebe03cb0a728134e66d04f85281bc5a60d7091), emulating Visual Studio 2013 / MSVC++ 12.0 (_MSC_VER=1800)
Source commit: 3cd10509a51edf5a21cdc80aabf7e6a934522d47

working….

OK, I found following changes…

  -noshare  disable use of connection sharing
  -share    enable use of connection sharing
  -sanitise-stderr, -sanitise-stdout, -no-sanitise-stderr, -no-sanitise-stdout
            do/don't strip control chars from standard output/error
  -no-antispoof   omit anti-spoofing prompt after authentication

Data written to the pipe is neither in a supported pcap format nor in pcapng format - Ask Wireshark

I have same issue, and solved by using plink.exe 0.70. But I dont't want to use vulnerable version of PuTTY … I found plink.exe between 0.70 and 0.73 option changes affects default behavior. Finally, I identified required that explicitly disable interactive input as follows:

-batch

or

-no-antispoof

It works latest 0.74.

see following link more detail

packet_capture · master · CML 2.0 / toybox · GitLab

packet_capture.bat
@echo off
 
set CML_2_PUTTY_SESSION=cml-controller.pg1x.net
 
set WIRESHARK_PATH=%PROGRAMFILES%\Wireshark\Wireshark.exe
set PLINK_PATH=%PROGRAMFILES%\PuTTY\plink.exe
 
TITLE CML 2.0 Live PCap
MODE con:cols=128 lines=12
COLOR 1F
 
"%PLINK_PATH%" -load %CML_2_PUTTY_SESSION% -share -batch "sudo ls -l /var/tmp/*.pcapng"
 
set /P PCAP_FILE="Input pcapng filename(e.g. wireshark_-_20200723081835_uxIfL5.pcapng): "
 
echo.
echo Reading live pCap from file %PCAP_FILE%.
echo Close this window to stop capture!
echo.
"%PLINK_PATH%" -load %CML_2_PUTTY_SESSION% -share -batch "sudo tail -f /var/tmp/%PCAP_FILE% -n +1" | "%WIRESHARK_PATH%" -k -i -
.\packet_capture.bat

Junk Memo

nc -kul
/bin/bash /var/local/virl/logs/4438199f-ceda-4acd-a642-f3a7bea4ec57.cmd 4438199f-ceda-4acd-a642-f3a7bea4ec57 socat -U TCP6-LISTEN:'10001,fork,max-children=3' SYSTEM:'timeout 86400 tcpdump -U -i tap6774d374-40 -w - -W 1 -c 1000000 -G 86400 --  | dd bs=1 count=10MB'
socat -U TCP6-LISTEN:10001,fork,max-children=3 SYSTEM:timeout 86400 tcpdump -U -i tap6774d374-40 -w - -W 1 -c 1000000 -G 86400 --  | dd bs=1 count=10MB

References

tech/network/cml/2.0/how-to-packet-capture-with-wireshark/how-to-packet-capture-with-wireshark.txt · Last modified: 2020/07/24 13:41 by wnoguchi