FIX: SOC PCAP column headers hidden from view

[dougburks]

Discussed in #14233

^{Originally posted by Ximalas February 14, 2025}

Version

2.4.120

Installation Method

Security Onion ISO image

Description

other (please provide detail below)

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

32

RAM

384 GB

Storage for /

155 GB (manager)

Storage for /nsm

312 GB (manager)

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

I upgraded our fleet to 2.4.120 this morning, around 09:00 UTC. No issues of any kind, except:

The column headers for PCAP are briefly shown, then hidden by the PCAP banner, with the plus button on the left, making it impossible to sort on any columns. Maybe this is intended, but I would argue it's handy to sort the table using any of the available columns.

Also, the contents of each PCAP no longer corresponds to the metadata shown in the pull down.

I didn't have any use for the previously generated PCAPs, so I deleted everything and repeated the latest one. At least the contents of this PCAP matches the metadata shown in the pull down.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[dougburks]

@Ximalas Thanks for reporting this.

The column headers for PCAP are briefly shown, then hidden by the PCAP banner, with the plus button on the left, making it impossible to sort on any columns. Maybe this is intended, but I would argue it's handy to sort the table using any of the available columns.

I can confirm that this is a bug so I've converted this discussion to an issue.

Also, the contents of each PCAP no longer corresponds to the metadata shown in the pull down.

I haven't been able to duplicate this. Can you provide any further information?

[Ximalas]

We had several PCAPs stored on the manager. After the upgrade, none of them were shown in a numerical ascending order. I clicked on one of them, and adjusted the URL to, say PCAP 1211. The metadata at the top matched this particular PCAP, but the contents of the PCAP was something else entirely.

It's hard to reproduce this particular issue now that I have cleared everything. Later created PCAPs are shown in numerical ascending order, and the packets shown matches what I searched for.

[dougburks]

Here's the fix for the next version:
Security-Onion-Solutions/securityonion-soc#751

[dougburks]

If your SOC PCAP column headers are currently hidden, you should be able to restore them by clearing your browser cache OR doing the following:

• go to DevTools > Application > Storage > Local storage > [soc url]
• find the key settings.jobs.sortBy and delete it
• refresh the page

However, you will need to wait for 2.4.130 if you want to sort the PCAP page by non-standard values.

[Ximalas]

In my case settings.jobs.sortBy was set to number. I'm not sure what value it had earlier today.