csickles
Forum Guru
Topic Author
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

CALEA Sniff packets not created, and so, no files

Mon Feb 04, 2008 10:58 pm

I can't seem to get ROS 3.X (stable) to send any "sniff packets" to the CALEA server.

I have created the SRC and DST rules in the forward chain, but torch shows no packets sent to the CALEA server.

I see the folder structure being built on the "server" but no files (as there are no capture packets being sent)..

I am trying to test this on an X86 platform... I have tried with the CALEA server both local and remote..

Any Ideas??

CALEA rules.

Sniffing router:

0 chain=forward action=sniff-pc sniff-target=10.0.0.3 sniff-target-port=5555 sniff-id=100 src-address=192.168.0.254

1 chain=forward action=sniff-pc sniff-target=10.0.0.3 sniff-target-port=5555 sniff-id=100 dst-address=192.168.0.254

2 chain=forward action=sniff-pc sniff-target=10.0.0.3 sniff-target-port=5555 sniff-id=100 src-address=10.0.0.33

3 chain=forward action=sniff-pc sniff-target=10.0.0.3 sniff-target-port=5555 sniff-id=100 dst-address=10.0.0.33

(You should only need two rules, but I am trying to get ANYTHING and was wondering if the NAT was coming into play)


CALEA setting for "Server":
0 case-id=100 case-name="CALEA" intercept-ip=10.0.0.32 intercept-port=5555
action=pcap pcap-file-stop-interval=15m pcap-file-stop-size=1024
pcap-file-stop-count=0 pcap-file-hash-method=md5



I am trying to write code to copy the CALEA files to a secure FTP files for the LEAs to access...
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: CALEA Sniff packets not created, and so, no files

Tue Feb 05, 2008 9:15 am

Do you have counters incrementing for these rules?
As far as I could see, my counters are not incrementing.
 
csickles
Forum Guru
Topic Author
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Re: CALEA Sniff packets not created, and so, no files

Tue Feb 05, 2008 3:51 pm

no.
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: CALEA Sniff packets not created, and so, no files

Tue Feb 05, 2008 8:09 pm

This issue will be fixed in the next RouterOS version.
 
csickles
Forum Guru
Topic Author
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Re: CALEA Sniff packets not created, and so, no files

Tue Feb 05, 2008 10:16 pm

Cool....

I was beginning to think I had lost my mind... ( Where did I put that thing anyway........ ) :lol:

It is hard to write code to move the "sniff" files off of the router to an FTP server when the files won't generate. :)

Have a good one...
 
csickles
Forum Guru
Topic Author
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Re: CALEA Sniff packets not created, and so, no files

Fri Feb 15, 2008 8:17 pm

It gets a bit stranger...

I upgraded to 3.3..

Still no packets..

Add some output rules and guess what... Packets !! and now files !!

Disable forwarding rules and packets stop. :?

Enable forward rules and disable output rules and no packets...

Enable forward and output rules and packets !! :shock:

Uhm uhm Uhm... blblblblbabbb I don't get it....

Well I will use the files to work with, but I still don't get it...
 
csickles
Forum Guru
Topic Author
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Re: CALEA Sniff packets not created, and so, no files

Fri Feb 15, 2008 9:19 pm

More fun...

For you folks that capture your CALEA files on a small router, i.e. a RouterBoard, keep in mind that it is not hard to overrun your storage space !!!

You can easily run into a case where you can't back up the router, log data etc...

It would be NICE if we could redirect the files to SATA storage etc.

I was testing and overran the storage in 15 min. (small hard drive)...
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: CALEA Sniff packets not created, and so, no files

Fri Mar 07, 2008 11:20 am

Craig,
as far as I know there are plans to add support for saving CALEA information to an external drive.

Also, as far as I know you do not need to store CALEA information all the time 24/7/365, or am I wrong?
Of course a small hard drive might not be enough to store all the information, so that's why you can consider installing the CALEA server on a router where a large hard drive is used.
 
jp
Long time Member
Posts: 611
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine

Re: CALEA Sniff packets not created, and so, no files

Sat Mar 08, 2008 4:04 am

I would like the ability to store calea on a second hard drive. Is that possible? I don't want to have to re-install routerOS just to get more hard disk capacity if needed for unknown calea needs.
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: CALEA Sniff packets not created, and so, no files

Mon Mar 10, 2008 9:21 am

as far as I know there are plans to add support for saving CALEA information to external drive.
 
nickb
Member
Posts: 406
Joined: Thu Jan 26, 2006 6:24 pm
Location: Southeast Kansas

Re: CALEA Sniff packets not created, and so, no files

Tue Apr 29, 2008 10:46 pm

sergejs wrote:
As well as far as I know you do not need to store CALEA information all the time 24/7/365, or I'm wrong ?

Yes, you must store all information all of the time 24/7/365 once a lawful intercept is presented. You must perform one of the two different types of intercepts for the duration of the request presented in the lawful intercept request. At the end of the duration of the intercept request, you must continue to store the data - though I don't remember what the required duration is. Something like 90 or 120 days I think.

This means you either capture TCP/IP headers ONLY, or the FULL data stream. Both types of intercept requests are defined in the CALEA rules.

For a case where a lawful intercept request is made for the FULL TCP/IP stream of a customer, if they are doing much traffic that can add up very fast; especially consider if the intercept request is for 30-60 days! This could easily result in dozens of gigabytes of data.

I would really, really like to be able to store CALEA captures on a secondary hard drive, I have emailed support about this and am awaiting an answer.

The situation I have is that I've got ROS running off of a CF drive (for reliability) and would like to store CALEA captures on the freshly installed 320GB ATA drive.

Worst case, if ROS can't do it, I'll make the feature request then just install ROS on the hard drive; but I really would prefer having my system on CF and then only data stored on the HD. Then, when the HD isn't in use, the system can just power it down :)
 
jwcn
Forum Guru
Posts: 1495
Joined: Sun Aug 27, 2006 6:49 am
Location: Maryland, USA

Re: CALEA Sniff packets not created, and so, no files

Tue Apr 29, 2008 11:47 pm

I thought CALEA was ruled unconstitutional...?
 
jcremin
Member
Posts: 360
Joined: Fri May 25, 2007 7:57 am

Re: CALEA Sniff packets not created, and so, no files

Wed Apr 30, 2008 8:26 am

jwcn wrote:
I thought CALEA was ruled unconstitutional...?

Have any links to share? I haven't heard that but would love it if it were true!
 
normis
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: CALEA Sniff packets not created, and so, no files

Wed Apr 30, 2008 2:57 pm

on May 5, 2006, a group of higher education and library organizations led by the American Council on Education (ACE) challenged that ruling, arguing that the FCC’s interpretation of CALEA was unconstitutional under the Fourth Amendment. However, on June 9, 2006, the D.C. Circuit Court disagreed and summarily denied the petition (American Council on Education vs. FCC, United States Court of Appeals for the District of Columbia Circuit, Decision 05-1404, June 9, 2006).
are you sure?
 
sathishsa
Member Candidate
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: CALEA Sniff packets not created, and so, no files

Tue Sep 20, 2011 10:44 am

Hello,

Could you please tell me how to capture only TCP/IP headers in CALEA?

Thanks,
Sathish