Monitor traffic interface issue

blackmetal · April 10, 2020, 10:14am

Hello,
i generate an attack with kali towards 192.168.1.1 (for example) and this is set on my uplink on my vyos and when i execute “monitor traffic interface any” it does not show anything but when i execute “monitor traffic interface any filter ‘dst 192.168.1.1’” it show dump,
any idea on this?
Thank you.

Viacheslav · April 10, 2020, 11:02am

@blackmetal Can you show messages after ctrl-c?
All messages.

blackmetal · April 10, 2020, 11:31am

@Viacheslav
vyos@yyyyyyy:~$ monitor traffic interface any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
15:59:48.396187 IP yyyyyy.com.ssh > xxxxxxxxxxxx.53912: Flags [P.], seq 2807939341:2807939377, ack 302387061, win 791, length 36

1 packet captured
4336 packets received by filter
4329 packets dropped by kernel

this is the output

Viacheslav · April 10, 2020, 4:34pm

Tcpdump tries to resolve IP addresses to their reverse DNS lookup records ".in- addr . arpa ".
Need additional keys.
monitor traffic interface any filter -n

system · April 12, 2020, 4:34pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.