> From: Milton Calnek milton@calnek.com
> To: CentOS mailing list centos@centos.org
> Sent: Wednesday, January 16, 2008 12:50:47 PM
> Subject: Re: [CentOS] Capturing Packets -- Ethereal
>
> The thing to do is to install wireshark on the system without X.
> Then from a machine with X: ssh -Xf user@machine.without.x wireshark

Yours is the coolest answer, though the others were also helpful.
Thanks to all.
=== Al

Al Sparks wrote:
>> From: Milton Calnek milton@calnek.com
>> To: CentOS mailing list centos@centos.org
>> Sent: Wednesday, January 16, 2008 12:50:47 PM
>> Subject: Re: [CentOS] Capturing Packets -- Ethereal
>>
>> The thing to do is to install wireshark on the system without X.
>> Then from a machine with X: ssh -Xf user@machine.without.x wireshark
>
> Yours is the coolest answer, though the others were also helpful.

You can also 'ssh -Y user@machine', log in and 'wireshark &' to start it, which will open a new window on your desktop. I think you also need to install wireshark-gnome for the GUI part.
When capturing, you'll probably want to do capture/options and add a capture filter like 'not host your_desktop' to ignore the traffic that the window is sending.

On Wed, 2008-01-16 at 15:31 -0800, Al Sparks wrote:
>> From: Milton Calnek milton@calnek.com
>> To: CentOS mailing list centos@centos.org
>> Sent: Wednesday, January 16, 2008 12:50:47 PM
>> Subject: Re: [CentOS] Capturing Packets -- Ethereal
>>
>> The thing to do is to install wireshark on the system without X.
>> Then from a machine with X: ssh -Xf user@machine.without.x wireshark
>
> Yours is the coolest answer, though the others were also helpful.

It's cool, but you have to contend with the traffic generated by the ssh and X session overhead in your display and/or captured data, or exclude the IP address of the X server from display. This may or may not be an issue for you.
--Chris
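
The exclusion discussed in the two replies above, as an added example that is not part of the original thread: with `ssh -X`/`-Y` the X11 window traffic travels inside the SSH connection itself, so the filter can drop just that one TCP connection instead of every packet to or from the desktop. It goes a little beyond the thread's 'not host your_desktop' by also handling IPv6 zone suffixes and rejecting malformed input; the function name `ssh_exclude_filter` is hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: build a pcap capture filter that excludes only the SSH
# connection carrying the forwarded X11 window. sshd sets SSH_CONNECTION to
# "client_ip client_port server_ip server_port" for the login session.

# ssh_exclude_filter [connection-string]
# Prints the filter on stdout; returns 1 if the input is missing or malformed.
# The body runs in a subshell so its variables do not leak into the caller.
ssh_exclude_filter() (
    conn=${1-${SSH_CONNECTION-}}

    # Split into exactly four whitespace-separated fields.
    read -r c_ip c_port s_ip s_port extra <<EOF
$conn
EOF
    [ -n "$s_port" ] && [ -z "$extra" ] || return 1

    # Link-local IPv6 addresses can carry a zone suffix (fe80::1%eth0),
    # which pcap filter syntax does not accept; strip it.
    c_ip=${c_ip%%\%*}
    s_ip=${s_ip%%\%*}

    # Accept only address and port characters so nothing else can be
    # smuggled into the filter expression.
    case "$c_ip$s_ip" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    case "$c_port$s_port" in
        *[!0-9]*) return 1 ;;
    esac

    printf 'not (host %s and tcp port %s and host %s and tcp port %s)\n' \
        "$c_ip" "$c_port" "$s_ip" "$s_port"
)

# Constructed sample value (documentation addresses), not from the thread.
sample='192.0.2.10 51514 192.0.2.20 22'
ssh_exclude_filter "$sample"
```

Inside the forwarded session the filter can be passed straight to the capture, for instance `wireshark -k -i eth0 -f "$(ssh_exclude_filter)"`, where `eth0` is an assumed interface name.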

Chris Boyd wrote:
> On Wed, 2008-01-16 at 15:31 -0800, Al Sparks wrote:
>>> From: Milton Calnek milton@calnek.com
>>> To: CentOS mailing list centos@centos.org
>>> Sent: Wednesday, January 16, 2008 12:50:47 PM
>>> Subject: Re: [CentOS] Capturing Packets -- Ethereal
>>>
>>> The thing to do is to install wireshark on the system without X.
>>> Then from a machine with X: ssh -Xf user@machine.without.x wireshark
>>
>> Yours is the coolest answer, though the others were also helpful.
>
> It's cool, but you have to contend with the traffic generated by the ssh and X session overhead in your display and/or captured data, or exclude the IP address of the X server from display. This may or may not be an issue for you.

Yah, that's a good point. X generates a lot of traffic. If you're not on the localnet, you may not be able to use this method.
In which case you should look into nx. It allows you to make X connections over lower speed networks, but it may require that you run X on the remote machine... I don't have much experience with it (one of these days).