clearpass - collecting packet capture corrupt

  • 1.  clearpass - collecting packet capture corrupt

    MVP
    Posted Jun 18, 2014 04:55 AM

    I'm trying to retrieve a packet capture from ClearPass.

    The way I thought this could be done is via Administration » Server Manager » Server Configuration » Collect Logs

    Here I select only " Capture network packets Duration of dump: 60 secs.".

     

    After triggering the authentication I want to see, I stop the download (also tried letting it run for full duration) and then download the resulting .tar.gz file.

    WinRAR however says this tar.gz file is corrupt and won't let me open it. 7-Zip does manage to open the file and gives me a .tar file.

    This .tar I can open with both WinRAR and 7-Zip. The final file is a file without extension which cannot be loaded into Wireshark.

     

    How do I get a readable packet capture so I can analyze what's going wrong with Avaya ERS4500 MAC auth?



  • 2.  RE: clearpass - collecting packet capture corrupt
    Best Answer

    MVP
    Posted Jun 18, 2014 04:57 AM

    Right.. first check help, then continue.

    That file inside the .tar which in turn was inside a tar.gz appeared to be a .zip file with no extension.

    Change extension to .zip and I can extract the .cap file I wanted.

     

    Might be a good idea to actually give the zip archive an actual .zip extension?



  • 3.  RE: clearpass - collecting packet capture corrupt

    EMPLOYEE
    Posted Jun 18, 2014 08:51 AM
    Thanks @koenv for the information.

    I've noticed in the latest releases of Chrome the zip file extension is being changed. If you need to do a backup or packet capture I would recommend you use Firefox or Safari until engineering can investigate it more.
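
The nesting described in this thread (tar.gz, then tar, then a zip with no extension, then the .cap) can be unwrapped by identifying each layer from its magic bytes instead of its file name, which also sidesteps a browser renaming the download. The following is an added example, not part of the thread and not ClearPass tooling; the member name `tmp/dumpfile` and the sample bytes are constructed, since the thread does not give the bundle's internal names.

```python
import gzip, io, tarfile, zipfile

# Magic bytes of formats Wireshark opens: pcap (both byte orders) and pcapng.
CAPTURE_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4", b"\x0a\x0d\x0d\x0a")

def sniff(data):
    """Classify a blob by content, ignoring whatever the file is named."""
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[257:262] == b"ustar":
        return "tar"
    if data[:4] in CAPTURE_MAGICS:
        return "capture"
    return "unknown"

def find_captures(data, name="download", depth=0):
    """Recursively unwrap gzip/tar/zip layers; return [(path, bytes)] of captures."""
    kind = sniff(data) if depth <= 8 else "unknown"  # guard against deep nesting
    if kind == "capture":
        return [(name, data)]
    if kind == "gzip":
        return find_captures(gzip.decompress(data), name, depth + 1)
    found = []
    if kind == "tar":
        with tarfile.open(fileobj=io.BytesIO(data)) as tar:
            for member in tar:
                if member.isfile():
                    inner = tar.extractfile(member).read()
                    found += find_captures(inner, f"{name}/{member.name}", depth + 1)
    elif kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    found += find_captures(zf.read(info), f"{name}/{info.filename}", depth + 1)
    return found

def build_sample():
    """Constructed input: tar.gz > tar > extensionless zip > .cap, as in the thread."""
    pcap = b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00" + bytes(16)  # bare pcap global header
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("capture.cap", pcap)
    with tarfile.open(fileobj=tbuf, mode="w") as tar:
        info = tarfile.TarInfo("tmp/dumpfile")  # hypothetical extensionless member
        info.size = len(zbuf.getvalue())
        tar.addfile(info, io.BytesIO(zbuf.getvalue()))
    return gzip.compress(tbuf.getvalue())
```

For a real download, pass the file's bytes to `find_captures` and write each returned blob out with a `.cap` extension before opening it in Wireshark; everything is held in memory, so this suits log bundles of modest size.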