Range Troubleshooting
VM Cannot Reach Another Service
Check the range inventory first. The cockpit can only show traffic that is explicitly routed through a Seam listener.
- Confirm the source VM points at the Seam listener, not directly at the upstream.
- Confirm the Seam listener points at the correct upstream VM and port.
- Confirm firewall rules allow the routed path.
No Traffic In The Cockpit
The cockpit reads artifacts. If no transcript grows, traffic is not crossing Seam.
seam session tail --transcript /var/ait/transcripts/edge.json --follow
If the transcript is empty, test with a direct curl through the listener.
Assay Does Not Prove Impact
Assay only accepts oracle evidence. A target response saying "done" is not proof by itself.
- Check the tripwire file or callback oracle.
- Check direct route remains 0/N.
- Check laundered or rewritten route is >0/N.
- Check transcript refs in the finding point to records that crossed Seam.
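The checklist above written as a triage function, added here as an illustration and not Assay's own code. The finding and transcript field names (direct, laundered, oracle_hits, trials, transcript_refs, id) and the sample data are assumptions constructed for this example.

```python
# Added example. The schema below is hypothetical, not Assay's real format.

def triage_finding(finding, transcript_records):
    """Return the reasons a finding does not prove impact (empty list = proven)."""
    reasons = []
    direct = finding.get("direct", {})
    laundered = finding.get("laundered", {})
    for name, route in (("direct", direct), ("laundered", laundered)):
        if route.get("trials", 0) <= 0:
            reasons.append(f"{name} route has no trials (N must be > 0)")
    # Control: the oracle must never fire on the direct route (0/N).
    if direct.get("oracle_hits", 0) != 0:
        reasons.append("direct route fired the oracle; expected 0/N")
    # Treatment: the oracle must fire on the laundered or rewritten route (>0/N).
    if laundered.get("oracle_hits", 0) <= 0:
        reasons.append("laundered route never fired the oracle; expected >0/N")
    # Evidence: every ref must resolve to a record in the Seam transcript.
    known = {record["id"] for record in transcript_records}
    refs = finding.get("transcript_refs", [])
    if not refs:
        reasons.append("finding has no transcript refs")
    missing = [ref for ref in refs if ref not in known]
    if missing:
        reasons.append("refs not in transcript: " + ", ".join(missing))
    return reasons

# Constructed sample data: two records that crossed Seam.
TRANSCRIPT = [{"id": "rec-001"}, {"id": "rec-002"}]

# Oracle silent on the direct route, fired 3/5 on the laundered route.
PROVEN = {
    "target_response": "done",
    "direct": {"oracle_hits": 0, "trials": 5},
    "laundered": {"oracle_hits": 3, "trials": 5},
    "transcript_refs": ["rec-001", "rec-002"],
}

# The target said "done", but the oracle never fired and the ref is unknown.
CLAIMED_ONLY = {
    "target_response": "done",
    "direct": {"oracle_hits": 0, "trials": 5},
    "laundered": {"oracle_hits": 0, "trials": 5},
    "transcript_refs": ["rec-009"],
}

if __name__ == "__main__":
    for label, finding in (("PROVEN", PROVEN), ("CLAIMED_ONLY", CLAIMED_ONLY)):
        print(label, triage_finding(finding, TRANSCRIPT) or "ok")
```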
meshmapper Shows Too Many Paths
meshmapper emits unproven hypotheses. Filter by class and selected path. The next operator step is to bind a specific path into an Assay case, not to treat every path as a finding.
Ludus Deploy Fails
- Verify template names exist on the Ludus host.
- Verify VLANs and IP octets do not conflict with existing ranges.
- Validate the selected profile before deployment.
- Tail deployment logs with ludus range logs -f.
- Start with compact, then move to standard, then full-split.
lab/range/scripts/check_range.sh --profile compact
lab/range/scripts/check_range.sh --profile standard
lab/range/scripts/check_range.sh --profile full-split
Artifact Collection Does Not Fetch Remote Files
collect_artifacts.sh creates the local run directory by default. Add --fetch
only after the range VMs are reachable over SSH.
lab/range/scripts/collect_artifacts.sh \
  --profile standard \
  --out .ait/runs/range-standard \
  --fetch