Introduction

You can start a trace directly on the PBX from the SSH console (see FAQ T640 T440 Tcpdump capturing commands), but you still need WinSCP to download the capture file for further analysis.

With the attached file, you can start the batch file directly in Windows. The PBX then streams the complete traffic into the local Wireshark, where you can set the filters.

Attention!

As the output stream can be very large, please use a wired connection to the network. A wireless connection might not be sufficient for capturing.

 

Files for tracing

Two files are necessary to start the tracing:

  1. wireshark galilei++.bat
  2. plink.exe

Both files need to be in the same directory and are part of the zip file you can download from this page.

Plink.exe is part of the SSH client PuTTY.

Options in the batch file

When starting the batch file, you can configure several options:

  1. IP address of T440/640 (target), default: 192.168.0.50
  2. Admin/root password/pin, default: 0000
  3. Port, default: ANY
  4. Host, default: ANY
  5. Interface for capturing, default: eth2
  6. Path to wireshark, default: C:\Program Files\Wireshark\Wireshark.exe

To use the default settings, just press ENTER.
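
The pipeline these options feed, as an added example that is not the batch file from the zip archive. It assumes tcpdump is available on the PBX, that the SSH login name is root, that SSH runs on port 22, and that the PBX host key is already cached by PuTTY; all variable names are illustrative.

```batch
@echo off
rem Added example, not the batch file shipped in the zip archive.
rem Streams tcpdump output from the PBX over SSH (plink) into local Wireshark.
setlocal

rem Defaults from the option list above; ENTER at a prompt keeps the default.
set "TARGET=192.168.0.50"
set "PW=0000"
set "PORT="
set "HOST="
set "IFACE=eth2"
set "WIRESHARK=C:\Program Files\Wireshark\Wireshark.exe"

set /p "TARGET=IP address of T440/640 [%TARGET%]: "
set /p "PW=Admin/root password/pin [%PW%]: "
set /p "PORT=Port [ANY]: "
set /p "HOST=Host [ANY]: "
set /p "IFACE=Interface for capturing [%IFACE%]: "
set /p "WIRESHARK=Path to Wireshark [%WIRESHARK%]: "

rem Always exclude the SSH session that carries the stream (port 22 assumed);
rem otherwise every forwarded packet is captured and forwarded again.
set "FILTER=not port 22"
if defined PORT set "FILTER=%FILTER% and port %PORT%"
if defined HOST set "FILTER=%FILTER% and host %HOST%"

if not exist "%WIRESHARK%" (
  echo Wireshark not found: "%WIRESHARK%"
  exit /b 1
)

rem tcpdump: -i interface, -U packet-buffered, -s 0 full packets, -w - pcap to stdout
rem plink:   -batch never prompts, so the PBX host key must already be cached
rem          (connect once with PuTTY and check the fingerprint); -pw is visible
rem          in the local process list while the trace runs
rem          login name root is an assumption of this example
rem Wireshark: -k start capturing immediately, -i - read the capture from stdin
"%~dp0plink.exe" -ssh -batch -l root -pw "%PW%" %TARGET% "tcpdump -i %IFACE% -U -s 0 -w - %FILTER%" | "%WIRESHARK%" -k -i -
```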

Planned upgrades

  • add port filter (done)
  • add IP address filter (done)
  • add option to configure path to Wireshark executable (right now fixed to: C:\Program Files\Wireshark\Wireshark.exe) (done)

Download

Supports Windows 7:

wireshark galilei++V0.5.zip

 

Supports Windows 10:

wireshark galilei++V0.6.zip
