Packet captures (also known as pcaps) are vital for our team to investigate any sort of leak or bypass of our L7 application filters. If you are asked to submit a pcap or traffic capture, please follow this article to complete the request.
The process differs depending on your operating system. This guide shows the easiest way to complete a packet capture on the two most popular base operating systems. If your OS is not listed, please reach out to support and we can assist you with next steps.
Linux
Downloading packages
We will be using the tcpdump package for this tutorial. README can be found here.
Ensure your kernel is up to date and use the command for your distribution:
For Debian or Ubuntu: apt-get install tcpdump
For CentOS: yum install tcpdump
Capturing packets/data
As an example, we will be capturing the packets coming into our game server on port **25565** for our Minecraft server. The port can be changed depending on the game, along with the snap length of the packet. Note that tcpdump's snap length is not unlimited by default, so use the -s0 flag to capture the full frame length.
While the packet capture is running, please redo/run the task that you are having issues with (i.e. during a suspected attack, if you see a leak through our firewall).
The following command will capture all packets coming in on 25565 until CTRL + C is executed. It will then save to the file named capture.pcap in the root directory.
tcpdump -s0 --interface any -w capture.pcap -nn port 25565
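You will have to modify this depending on your use case, i.e. -nn port {PORT}. For other games with multiple game ports, use -s0 -nn "port {PORT1} or port {PORT2}"; the filter must use or, because a filter joined with and only matches packets that involve both ports at once.
The command line argument -c5 {protocol} can be used to limit the capture to a specific protocol (and, with -c5, to the first 5 matching packets), i.e. if you only wanted to watch TCP packets on a port.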
This however shouldn't be used for regular pcap requests as sometimes it can filter out required information.
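Before uploading, you can confirm that the capture really holds full frames, as the -s0 note above intends. The following Python script is an added example, not part of the original article or of tcpdump; it reads the classic pcap format that tcpdump -w writes, and the names check_capture and build_sample, the script name check_pcap.py and the zero-filled sample capture are constructed for illustration.

```python
import struct
import sys

# Magic bytes of the classic pcap format -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def check_capture(data: bytes) -> dict:
    """Summarise a pcap: snap length, packet count, packets cut short."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (bad magic or short header)")
    order = MAGICS[data[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    packets = truncated = 0
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, bytes stored, bytes on the wire.
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            break  # file ends mid-record, e.g. an interrupted copy
        packets += 1
        if incl_len < orig_len:
            truncated += 1  # snap length was shorter than this frame
        off += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "trailing_bytes": len(data) - off}

def build_sample(snaplen: int, orig_lengths: list) -> bytes:
    """Constructed input: little-endian pcap with zero-filled packets."""
    # 113 = LINKTYPE_LINUX_SLL (Linux cooked capture), chosen for the sample.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 113)
    for n in orig_lengths:
        incl = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, incl, n) + bytes(incl)
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. python3 check_pcap.py capture.pcap
        with open(sys.argv[1], "rb") as fh:
            print(check_capture(fh.read()))
    else:                          # no file given: run on the constructed sample
        print(check_capture(build_sample(64, [60, 1500])))
```

A non-zero truncated count means some frames were cut at the snap length, and a non-zero trailing_bytes means the file ends partway through a packet record; in either case re-run the capture before submitting it.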
Uploading and submitting
That's it, you're done! Once you have recorded your pcap, either open a ticket stating your issue and attach the .pcap file from your root directory, or reply to the ticket you have already opened!