Project

General

Profile

Actions

Feature #13094

open

Allow packet capture filtering in tagged packets

Added by Steve Wheeler 2 months ago. Updated 2 months ago.

Status:
Pull Request Review
Priority:
Normal
Category:
Packet Capture
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Plus-Next
Release Notes:
Default

Description

Currently the host filtering options in the webgui packet capture do not match VLAN or QinQ tagged traffic.

It would be very useful to be able to filter for that when looking for VLAN traffic on an interface carrying untagged traffic.

Currently 'Host Address' field is used as a host or subnet only:

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( host 10.229.0.1)

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( net 10.229.0.0/24)

To match tagged traffic that command needs to be:

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( vlan and net 10.229.0.0/24)

Or tagged and untagged traffic:

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( net 10.229.0.0/24) or (vlan and net 10.229.0.0/24)

Actions #1

Updated by Marcos Mendoza 2 months ago

  • Assignee set to Marcos Mendoza
Actions #2

Updated by Marcos Mendoza 2 months ago

  • Status changed from New to Pull Request Review

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/741

Old behavior:
  • No filter specified: vlan packets included.
  • Filter specified: no vlan packets included.
New behavior:
  • No filter specified: vlan packets included.
  • Filter specified: vlan packets included.
  • Filter specified or not, with exclude vlan checked: no vlan packets included.
Actions #3

Updated by Steve Wheeler 2 months ago

That works for me in all tested cases.

Actions

Also available in: Atom PDF