This may be off topic, but I think my ethereal question might be simple enough.
I am presently compiling ethereal on a CentOS platform to check it out.
But the packets I want to monitor are actually on a different CentOS platform, and I'd rather not install Ethereal on it, if for no other reason I don't have X-Windows installed on that platform.
My question is, can I monitor/write packets to a file on the more remote machine, and then analyze the packets on another machine using my ethereal SW?
Can I sniff the packets on the remote w/o a full install of ethereal?
=== Al
The new name for ethereal is wireshark. You can use tshark (text-based version of wireshark) or tcpdump to sniff the network and save the packet capture data in libpcap format which you can then transfer to your machine with wireshark on it. Also, you could install wireshark on the remote system and export the wireshark session to your CentOS machine with an X server in real time.
Hope this helps.
Barry
yup. use tcpdump on the remote machine to create a pcap file like so
tcpdump -i eth0 -n -s0 -w file.cap
then just copy that file over and read it with ethereal.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
The thing to do is to install wireshark on the system without X.
Then from a machine with X:
ssh -Xf user@machine.without.x wireshark
On Wed, 2008-01-16 at 13:18 -0800, Al Sparks wrote:
Can I sniff the packets on the remote w/o a full install of ethereal?
Typically something like this:
tcpdump -s 1500 -i eth0 -w traffic.dmp
will do the trick. Then pull the file back to the machine with ethereal and open it there.
--Chris
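Added example, not part of any post in this thread: the replies save libpcap files with different snapshot lengths (-s0 and -s 1500), and a full-size Ethernet frame on a 1500-byte MTU link is 1514 bytes as captured, so it helps to check a copied file for truncated packets before analysis. The Python sketch below reads the libpcap header and per-packet records; the function names, the 262144-byte sanity bound and the sample capture are constructed for illustration.

```python
import io
import struct
import sys

# On-disk libpcap magic -> struct byte-order prefix (usec and nsec variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def summarize_pcap(stream):
    """Report snaplen, link type, packet count and how many packets were cut short."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a libpcap capture file")
    order = MAGICS[header[:4]]
    # After the magic: version major/minor, thiszone, sigfigs, snaplen, linktype
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", header[4:])
    packets = truncated = 0
    incomplete = False  # True if the file ends mid-record (e.g. partial copy)
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            incomplete = True
            break
        # Per-packet header: ts_sec, ts_frac, bytes saved, bytes on the wire
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        if incl_len > 262144:  # sanity bound (assumption) against corrupt lengths
            raise ValueError("implausible record length")
        if len(stream.read(incl_len)) < incl_len:
            incomplete = True
            break
        packets += 1
        truncated += incl_len < orig_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete": incomplete}

def build_sample(snaplen):
    """Constructed capture: a 60-byte and a 1514-byte frame, saved at `snaplen`."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for orig_len in (60, 1514):
        incl_len = min(orig_len, snaplen)
        out += struct.pack("<IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:  # summarize a real capture file given on the command line
        with open(sys.argv[1], "rb") as f:
            print(summarize_pcap(f))
    else:
        for s in (1500, 65535):
            print(s, summarize_pcap(io.BytesIO(build_sample(s))))
```

A non-zero "truncated" count means payload bytes are missing from those packets; "incomplete" means the file itself ends mid-record, for example after an interrupted copy.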