
Michael Davidsaver wrote a set of Lua plugins for Wireshark (cashark) that dissect the EPICS Channel Access (CA) protocol and can be used to help diagnose gateway-related protocol issues.

https://github.com/mdavidsaver/cashark/

Nominally you just clone the above repo to get the scripts and point Wireshark or tshark at them.

tshark example (the -X lua_script: option loads the dissector, -O ca restricts the detailed output to the CA dissector, -P also prints the one-line summary per packet, and -r reads the capture file):
tshark -X lua_script:/cds/home/b/bhill/git-wa-neh/misc/cashark-git/ca.lua -PO ca -r ~/tmp/bh-ca1.pcap

However, I was looking to capture and analyze a full caget exchange between a client and a gateway on one of the PCDS gateway hosts. I ran the client caget on a development host that no one was logged onto but me and suspended the IOCs so there wouldn't be any network traffic from them. The following command captured 19 packets:

sudo tcpdump -i enp2s0f0.650  -X -nn host 172.21.148.45
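Note that tcpdump -X prints a hex dump to the terminal rather than producing a file; to get a .pcap that the tshark command above can read, capture with -w file.pcap instead. As an added example (not cashark's code and not part of the original page), the following decoder shows what ca.lua is doing underneath when it dissects such a capture: it splits a TCP stream fragment into CA messages using the 16-byte header and the extended large-payload header defined by the CA protocol specification, and it handles the case where a message straddles two TCP segments. The sample client stream is constructed by hand to resemble the start of a caget exchange; the user, host and PV names in it are placeholders, and it is not a real capture.

```python
"""Decode EPICS Channel Access (CA) messages from raw TCP payload bytes.

Added illustration of what a CA dissector such as cashark's ca.lua does; this
is NOT cashark's code. Header layout and command numbers follow the CA protocol
specification. The sample stream is constructed by hand, not a real capture.
"""
import struct

# Subset of CA command numbers seen around a caget exchange (per the CA protocol spec)
CA_COMMANDS = {
    0: "CA_PROTO_VERSION",
    4: "CA_PROTO_WRITE",
    6: "CA_PROTO_SEARCH",
    11: "CA_PROTO_ERROR",
    12: "CA_PROTO_CLEAR_CHANNEL",
    14: "CA_PROTO_NOT_FOUND",
    15: "CA_PROTO_READ_NOTIFY",
    18: "CA_PROTO_CREATE_CHAN",
    20: "CA_PROTO_CLIENT_NAME",
    21: "CA_PROTO_HOST_NAME",
    22: "CA_PROTO_ACCESS_RIGHTS",
    26: "CA_PROTO_CREATE_CH_FAIL",
}

# All CA header fields are big-endian (network byte order).
HDR = struct.Struct(">HHHHII")  # command, payload_size, data_type, data_count, param1, param2
EXT = struct.Struct(">II")      # extended header: 32-bit payload_size and data_count
DBR_DOUBLE = 6                  # data_type code caget requests for a double PV


def parse_ca_messages(data: bytes):
    """Split a TCP stream fragment into CA messages, in stream order.

    If the buffer ends in the middle of a message (a CA message straddling two
    TCP segments) the last entry is {"truncated": True, "at": <offset>}.
    """
    msgs = []
    off = 0
    while off < len(data):
        if len(data) - off < HDR.size:
            msgs.append({"truncated": True, "at": off})
            break
        cmd, psize, dtype, count, p1, p2 = HDR.unpack_from(data, off)
        hlen = HDR.size
        if psize == 0xFFFF and count == 0:
            # Large-payload form: the real 32-bit sizes follow the 16-byte header
            if len(data) - off < HDR.size + EXT.size:
                msgs.append({"truncated": True, "at": off})
                break
            psize, count = EXT.unpack_from(data, off + HDR.size)
            hlen += EXT.size
        if len(data) - off < hlen + psize:
            msgs.append({"truncated": True, "at": off})
            break
        msgs.append({
            "command": CA_COMMANDS.get(cmd, "UNKNOWN(%d)" % cmd),
            "payload_size": psize, "data_type": dtype, "data_count": count,
            "param1": p1, "param2": p2,
            "payload": data[off + hlen:off + hlen + psize],
        })
        off += hlen + psize
    return msgs


def build_ca_message(cmd, dtype=0, count=0, p1=0, p2=0, payload=b""):
    """Encode one CA message; payload is zero-padded to a multiple of 8 bytes as CA requires."""
    padded = payload + b"\0" * (-len(payload) % 8)
    if len(padded) >= 0xFFFF:
        return HDR.pack(cmd, 0xFFFF, dtype, 0, p1, p2) + EXT.pack(len(padded), count) + padded
    return HDR.pack(cmd, len(padded), dtype, count, p1, p2) + padded


# Constructed sample (not a real capture): what a caget client sends after the TCP
# connect. Per the spec: VERSION carries the minor protocol version in data_count;
# CREATE_CHAN carries the PV name with the client's CID in param1 and the minor
# version in param2; READ_NOTIFY carries the server's SID in param1 and IOID in param2.
SAMPLE_CLIENT_STREAM = (
    build_ca_message(0, count=13)                                       # CA_PROTO_VERSION, minor 13
    + build_ca_message(20, payload=b"caclient")                         # CA_PROTO_CLIENT_NAME (placeholder user)
    + build_ca_message(21, payload=b"devhost")                          # CA_PROTO_HOST_NAME (placeholder host)
    + build_ca_message(18, p1=1, p2=13, payload=b"TEST:PV")             # CA_PROTO_CREATE_CHAN, CID=1 (placeholder PV)
    + build_ca_message(15, dtype=DBR_DOUBLE, count=1, p1=0x100, p2=1)   # CA_PROTO_READ_NOTIFY, SID=0x100, IOID=1
)


def summarize(data: bytes):
    """One line per message, like the packet-list column a dissector produces."""
    lines = []
    for m in parse_ca_messages(data):
        if "command" not in m:
            lines.append("TRUNCATED at offset %d" % m["at"])
            continue
        payload = m["payload"].rstrip(b"\0")
        lines.append("%s type=%d count=%d p1=%#x p2=%#x payload=%r" % (
            m["command"], m["data_type"], m["data_count"], m["param1"], m["param2"], payload))
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_CLIENT_STREAM) + summarize(SAMPLE_CLIENT_STREAM[:36]):
        print(line)
```

When reading a real capture, the dissector also has to reassemble across TCP segments before this split is reliable; the truncated-message return value is where that reassembly hook belongs, and a CA message whose header claims a payload that never arrives is itself a useful symptom when debugging a gateway.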
