Thursday, February 19, 2015

OAP/NAP Analysis using Wireshark - Part 1

There are two ways to capture OAP/NAP message between WebGate and OAM Server.

  1. Live capture of the OAP/NAP messages.
  2. Take a tcpdump and then analyse the OAP/NAP messages.


1. Live capture of the NAP messages.


i. Start Wireshark.
ii. Go to Capture menu -> Interfaces, select the device and click Start to capture the traffic. This starts capturing all the packets on the selected device.
iii. Go to Capture menu -> Capture Filters and select a filter to capture traffic on a particular host and/or port. Here you need to provide the host/IP and/or port of the OAM Server.
iv. The captured traffic list will show the "ora-oap" traffic, which is the NAP message; a sample line is:
 
10 0.005353 192.168.99.26 192.168.80.199 TCP 62 56830 > ora-oap [PSH, ACK] Seq=1 Ack=1 Win=65536 Len=5

Click on the TCP message summary and the detail of the NAP message will be displayed in the middle pane of Wireshark. Click on "Data" in the middle pane to view the data of the NAP message.

v. Click Capture menu -> Stop once you are done.

2. Take a tcpdump and then analyse the NAP messages.

i. Take a tcpdump of the traffic on the OAM Server box using the following command:

/usr/sbin/tcpdump -i any -s 65535 -w <file location of dump file> port <OAM Server proxy port>

e.g. /usr/sbin/tcpdump -i any -s 65535 -w /tmp/wg.cap port 5575

You need root privilege to run this command, so use sudo.

ii. Once the capture is done, stop it with Ctrl+C.
iii. Transfer the tcpdump file to your local box.
iv. Open the dump file in Wireshark.
v. The captured traffic list will show the "ora-oap" traffic, which is the OAP/NAP message; a sample line is:

10 0.005353 192.168.99.26 192.168.80.199 TCP 62 56830 > ora-oap [PSH, ACK] Seq=1 Ack=1 Win=65536 Len=5

Click on the TCP message summary and the detail of the OAP/NAP message will be displayed in the middle pane of Wireshark. Click on "Data" in the middle pane to view the data of the OAP/NAP message.
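As an added example (not from the original post), the following Python script does offline what step v does in the Wireshark GUI: it walks a tcpdump capture file and pulls out the TCP payloads on the OAM Server proxy port, so the OAP/NAP data can be inspected or handed to other tooling. It assumes a classic libpcap file as written by `tcpdump -w` with Ethernet link type and plain IPv4/TCP, and uses port 5575 from the post's example; the capture it parses is constructed in-line so it runs without a real dump.

```python
import struct

OAP_PORT = 5575  # OAM Server proxy port used in the post's tcpdump example


def oap_payloads(pcap, port=OAP_PORT):
    """Return (src, sport, dst, dport, payload) for every TCP segment in a
    classic libpcap file that carries data to or from `port`."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # file byte order
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet link type is handled here")
    out, off = [], 24  # records start right after the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "III", pcap, off)[2]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not an IPv4 frame
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack_from("!H", ip, 2)[0]]  # bounded by IP total length
        if ip[9] != 6 or len(tcp) < 20:
            continue  # not TCP, or a truncated segment
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header incl. options
        if port in (sport, dport) and payload:
            src = ".".join(map(str, ip[12:16]))
            dst = ".".join(map(str, ip[16:20]))
            out.append((src, sport, dst, dport, payload))
    return out


def build_sample_pcap():
    """Constructed capture (not real traffic): one WebGate -> OAM Server
    segment with a 5-byte payload on 5575, and one HTTP segment to skip."""
    def frame(src, sport, dst, dport, data):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 1, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
        pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp + data
        return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header
            + frame("192.168.99.26", 56830, "192.168.80.199", 5575, b"\x00\x00\x00\x01\x02")
            + frame("192.168.99.26", 40000, "192.168.80.199", 80, b"GET / HTTP/1.0\r\n"))


if __name__ == "__main__":
    for src, sp, dst, dp, data in oap_payloads(build_sample_pcap()):
        print(f"{src}:{sp} -> {dst}:{dp}  {len(data)} bytes  {data.hex()}")
```

Point `oap_payloads` at the bytes of a real `/tmp/wg.cap` to list every OAP/NAP segment with its endpoints and raw data; the HTTP segment in the sample is left out because it is not on the proxy port.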
