Project

General

Profile

Actions

Feature #13382

open

More flexible packet capture GUI

Added by Marcos M about 2 months ago. Updated about 2 months ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
Category:
Diagnostics
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.11
Release Notes:
Default

Description

The current packet capture page has limited filter functionality. This is a complete re-write of the Packet Capture page.

Changes:
  • Saved filename now includes the interface and start time.
  • Promiscuous mode is enabled by default.
  • Default packet count is set to 1000 instead of 100.
Enhancements:
  • Automatically convert IP subnet input to a valid subnet to avoid the "non-network bits set" error. This allows the input of e.g. 10.0.0.1/24.
  • Allow stopping a running capture even with input errors in the form.
  • Avoid writing an extra file by reading the last capture start time from the file name.
  • Keep previous packet captures on the disk (removed when the Clear button is clicked).
New:
  • Allow matching on multiple attribute/type values, e.g. tcp or udp.
  • Allow setting custom values for all types, e.g. ether proto 0x88cc.
  • Allow filtering for VLAN tags (including QinQ).
  • Allow filtering on interfaces that are not assigned (e.g. for VLAN parent interfaces).
Missing (for future MR):
  • Implement a live preview like nmap or package manager.
  • Run multiple packet captures at the same time.

Files

838.diff (61 KB) 838.diff Marcos M, 08/08/2022 08:58 PM

Related issues

Related to Feature #13322: Define Packet Capture ProtocolIn ProgressMarcos M

Actions
Related to Feature #13094: Allow packet capture filtering in tagged packetsIn ProgressMarcos M

Actions
Related to Feature #13411: Packet capture does not support 6rd tunnelsPull Request ReviewMarcos M

Actions
Actions #1

Updated by Marcos M about 2 months ago

Actions #2

Updated by Marcos M about 2 months ago

  • Related to Feature #13094: Allow packet capture filtering in tagged packets added
Actions #3

Updated by Marcos M about 2 months ago

  • Status changed from New to In Progress
Actions #4

Updated by Marcos M about 2 months ago

  • Target version set to 2.7.0
  • Plus Target Version set to 22.11
Actions #5

Updated by Christopher Cope about 2 months ago

Promiscuous mode is on by default, as compared to previously where it is off by default, and turning it off doesn't seem to work.

When I turn it off and then click Start it turns back on and the command ran doesn't change.

Actions #6

Updated by Marcos M about 2 months ago

It's now fixed. Since it's currently still a work in progress, please leave feedback on the MR page if you have access - thanks!

Actions #7

Updated by Louis B about 2 months ago

Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at the same time. So I would be glad to see an option to start a packet capture on interface-1, and keep that one running when switching to inteface-2 and start another one.

Perhaps I can do that by starting two pfSense gui instances in parallel, however I am not sure that works.

Actions #8

Updated by Marcos M about 2 months ago

  • Description updated (diff)
  • Status changed from In Progress to Pull Request Review
  • % Done changed from 0 to 100

Louis B wrote in #note-7:

Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at the same time. So I would be glad to see an option to start a packet capture on interface-1, and keep that one running when switching to inteface-2 and start another one.

Perhaps I can do that by starting two pfSense gui instances in parallel, however I am not sure that works.

For now, this can be achieved by capturing on the VLAN parent interface (given the VLANs are on the same interface).

Actions #9

Updated by Marcos M about 2 months ago

  • File 838.diff added
Actions #10

Updated by Marcos M about 2 months ago

  • File deleted (838.diff)
Actions #11

Updated by Marcos M about 2 months ago

  • File 838.diff added
  • Description updated (diff)
Actions #12

Updated by Marcos M about 2 months ago

  • Description updated (diff)
Actions #13

Updated by Marcos M about 2 months ago

  • File deleted (838.diff)
Actions #14

Updated by Marcos M about 2 months ago

Actions #15

Updated by Marcos M about 1 month ago

  • Related to Feature #13411: Packet capture does not support 6rd tunnels added
Actions

Also available in: Atom PDF